| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
| |
These fields are used to connect a JSON user record to its blob
directory, and to include the directory's contents in the record's
signature
|
|
|
|
|
| |
We're documenting the behavior of blob directories here. These docs
refer to things that aren't yet implemented at the time of the commit, but will be later in the same PR.
|
|\
| |
| | |
meson: Start adding devel and rc suffixes to the project version
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's make sure that versions generated by meson-vcs-tag.sh always
sort higher than official and stable releases. We achieve this by
immediately updating the meson version in meson.build after a new
release. To make sure this version always sorts lower than future
rcs, we suffix it with "~devel" which will sort lower than "~rcX".
The new release workflow is to update the version in meson.build
for each rc and the official release and to also update the version
number after a new release to the next development version.
The full version is exposed as PROJECT_VERSION_FULL and used where
it makes sense over PROJECT_VERSION.
We also switch to reading the version from a meson.version file in
the repo instead of hardcoding it in meson.build. This makes it
easier to access both inside and outside of the project.
The meson-vcs-tag.sh script is rewritten to query the version from
meson.version instead of passing it in via the command line. This
makes it easier to use outside of systemd since users don't have to
query the version themselves first.
|
| |
| |
| |
| |
| | |
This gets the point across better that we want the rc to sort lower
than the official release.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds fields to the user record logic to allow a "fallback" home
directory and shell to be set as part of the "status" section of the
user record, i.e. supplied by the manager of the user record.
The idea is that if the fallback homedir/shell is set it will take
precedence over the real one in most ways.
Usecase: let's try to make ssh logins into homed directories work.
systemd-homed would set a fallback shell/homedir for inactive home dirs.
Thus, when ssh logins take place via key auth, we can allow them, and
these fallback session params would be used because the real home cannot
be activated just yet becasue we cannot acquire any password for it from
the user.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This field is like preferredLanguage, but takes a priority list of
languages instead. If an app isn't translated into a user's primary
language, it can fall back to one of the other languages in the list
thus making the app more accessible to the user.
For instance: in my experience, many Ukrainians are fluent in Russian,
often significantly better than English (especially if they are of a
generation that grew up during the USSR). Such a person might set this
new variable to ["uk_UA.UTF-8", "ru_UA.UTF-8"] so that software that
lacks Ukrainian translations will first try Russian translations before
defaulting to English.
Fixes #31290
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tilde sorts lower in the version comparison spec:
https://uapi-group.org/specifications/specs/version_format_specification/
➜ systemd git:(strip) systemd-analyze compare-versions 249\~rc1 249
249\~rc1 < 249
➜ systemd git:(strip) systemd-analyze compare-versions 249-rc1 249
249-rc1 > 249
Also update tools/meson-vcs-tag.sh to use carets instead of hyphens
for the git part of the version as carets are allowed to be part of
a version by pacman while hyphens are not and both sort higher than
a version without the git part.
|
|
|
|
|
| |
It's not the literal private key, but EVP_PKEY becomes a reference
to the engine/provider that OpenSSL knows how to use later
|
|\
| |
| | |
Some docs updates
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It silly for our docs to say that they aren't when we added support for this a
few years ago.
Also, drop some mentions of "runtime". This implied that those values can be
changed almost at will, but actually, they can only be meaningfully changed
_before_ the allocations are made.
|
| |
| |
| |
| |
| |
| | |
When running an image that cannot be mounted (e.g.: key missing intentionally
for development purposes), there's a retry loop that takes some time
and slows development down. Add an env var to disable it.
|
| |
| |
| |
| |
| | |
Let's remove some explicit references to dracut as we prefer initrds
built with mkosi these days.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
varlink_server_listen_auto()
varlink_server_listen_auto() is supposed to be the one-stop solution for
turning simple command line tools into IPC services. They aren't easy to
test/debug however, since you have to invoke them through a service
manager.
Let's make this easier: if the SYSTEMD_VARLINK_LISTEN env var is set,
let's listen on the socket specified therein. This makes things easier
to gdb: just run the service from the cmdline.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
```
[Output]
Format=disk
```
|
|/ |
|
|
|
|
|
|
| |
To make things symmetric to the $SYSTEMD_SSH logic that the varlink
transport supports, let's also honour such a variable in sd-bus when
picking ssh transport.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This uses openssh 9.4's -W support for AF_UNIX. Unfortunately older versions
don't work with this, and I couldn#t figure a way that would work for
older versions too, would not be racy and where we'd still could keep
track of the forked off ssh process.
Unfortunately, on older versions -W will just hang (because it tries to
resolve the AF_UNIX path as regular host name), which sucks, but hopefully this
issue will go away sooner or later on its own, as distributions update.
Fedora is still stuck at 9.3 at the time of posting this (even on
Fedora), even though 9.4, 9.5, 9.6 have all already been released by
now.
Example:
varlinkctl call -j ssh:root@somehost:/run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt '{"text":"foobar"}'
|
|
|
|
|
|
| |
Follow-up for b16c6076cb334c9da9602d4bafbf60381d6d630e
CID#1533111
|
|
|
|
|
|
|
|
|
|
| |
Otherwise, udev workers cannot detect slow programs invoked by
IMPORT{program}=, PROGRAM=, or RUN=, and whole worker process may be
killed.
Fixes #30436.
Co-authored-by: sushmbha <sushmita.bhattacharya@oracle.com>
|
|
|
|
|
|
| |
Same as $KERNEL_INSTALL_BYPASS, but for hwdb. This will speed up
cross architecture image builds in mkosi as I can disable package
managers from running the costly hwdb update stuff in qemu user
mode and run it myself with a native systemd-hwdb with --root=.
|
|
|
|
| |
No reason to make this file executable.
|
|
|
|
|
| |
Doesn't make much sense to push RCs to the stable repository, just
do that in the final tag push
|
|
|
|
|
|
|
|
| |
Now that mkosi-kernel is a thing, this logic in systemd is just mostly
bitrotting since I just use mkosi-kernel these days. If I ever need to
hack on systemd and the kernel in tandem, I'll just add support for
building systemd to mkosi-kernel instead, so let's drop the support for
building a custom kernel in systemd's mkosi configuration.
|
|\
| |
| | |
Update to mkosi v19
|
| |
| |
| |
| |
| |
| |
| |
| | |
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
for local configuration
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code doesn't link when gcc+lld is used:
$ LDFLAGS=-fuse-ld=lld meson setup build-lld && ninja -C build-lld udevadm
...
ld.lld: error: src/shared/libsystemd-shared-255.a(libsystemd-shared-255.a.p/cryptsetup-util.c.o):
symbol crypt_token_external_path@@ has undefined version
collect2: error: ld returned 1 exit status
As a work-around, restrict it to developer mode.
Closes https://github.com/systemd/systemd/issues/30218.
|
| |
|
| |
|
|
|
|
|
|
| |
don't let the devices to be announced just as model "Linux". Let's instead
propagate the underlying block device's model. Also do something
reasonably smart for the serial and firmware version fields.
|
| |
|
|
|
|
| |
Fixes: #29759
|
| |
|
|
|
|
|
| |
The title applies to the whole page, not just the first section.
And there should be just one title ('# foo') in a given document.
|
|
|
|
| |
Support confexts for portable services
|
|
|
|
|
|
|
|
| |
Introduce a new env variable $SYSTEMD_NSPAWN_CHECK_OS_RELEASE, that can
be used to disable the os-release check for bootable OS trees. Useful
when trying to boot a container with empty /etc/ and bind-mounted /usr/.
Resolves: #29185
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I tried to get something similar upstream:
https://gitlab.com/cryptsetup/cryptsetup/-/issues/846
But no luck, it was suggested I use ELF interposition instead. Hence,
let's do so (but not via ugly LD_PRELOAD, but simply by overriding the
relevant symbol natively in our own code).
This makes debugging tokens a ton easier.
|
|
|
|
| |
established
|
|
|
|
|
| |
Introduce the environment variable SYSTEMD_NSPAWN_NETWORK_MAC to allow
user-specified MAC address on container side.
|
| |
|
|\
| |
| | |
Various refactoring in preparation for adding JSON dump to pid 1
|
| |
| |
| |
| |
| |
| |
| | |
Instead of using ExtraTrees=, let's use the new RuntimeTrees= option
to mount the full repository into the VM/container. Let's also store
the sources under /usr/src/systemd and update the gdbinit file and
vscode HACKING guide section to match the new location.
|
|\ \
| | |
| | | |
systemctl: automatically softreboot/kexec if set up on reboot
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
Automatically softreboot if the nextroot has been set up with an OS
tree, or automatically kexec if a kernel has been loaded with kexec
--load.
Add SYSTEMCTL_SKIP_AUTO_KEXEC and SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT to
skip the automated switchover.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we have a 100ms delay which allows for people to enter/show
the boot menu even when timeout is set to zero.
In a handful of cases, that may not be needed - both in terms of access
policy, as well as latency.
For example: the option to provide the boot menu may be hidden behind an
"expert only" UX in the OS, to avoid end users from accidentally
entering it.
In addition, the current 100ms input polling may cause unexpected
additional delays in the boot. Some example numbers from my SteamDeck:
- boot counting/rename/flush doubles 300us -> 600us
- seed/hash setup doubles 900us -> 1800us
- kernel/image load gets ~40% slower 107ms -> 167ms
It's not entirely clear why the UEFI calls gets slower, nevertheless the
information in itself proves useful.
This commit introduces a new option "menu-disabled", which omits the
100ms delay. The option is documented throughout the manual pages as
well as the Boot Loader Specification.
v2:
- use STR_IN_SET
v3:
- drop erroneous whitespace
v4:
- add a new LoaderFeature bit,
- don't change ABI keep TIMEOUT_* tokens the same
- move new token in the 64bit range, update API and storage for it
- change inc/dec behaviour to TIMEOUT_MIN : TIMEOUT_MENU_FORCE
- user cannot opt-in from sd-boot itself, add assert_not_reached()
v5:
- s/Menu disablement control/Menu can be disabled/
- rewrap comments to 109
- use SYNTHETIC_ERRNO(EOPNOTSUPP)
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To be on the safe side, explicitly mention that apart from the numerical
entries we can allow string ones.
Implementation-wise, bootctl will use internal numerical values that
match sd-boot's ABI. The latter also accepts the string options.
Going forward we'd like to avoid adding more internal magic and be more
explicit.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
|