Commit message | Author | Age | Files | Lines

varlink_server_listen_auto()
varlink_server_listen_auto() is supposed to be the one-stop solution for
turning simple command line tools into IPC services. They aren't easy to
test/debug however, since you have to invoke them through a service
manager.
Let's make this easier: if the SYSTEMD_VARLINK_LISTEN env var is set,
let's listen on the socket specified therein. This makes things easier
to gdb: just run the service from the cmdline.
Both building and booting a directory image is much faster than
building or booting a disk image so let's default to a directory
image.
In CI, we stick to a disk image to make sure that keeps working as
well.
The only extra dependency this introduces is virtiofsd which is
packaged in all distributions except Debian stable. For users
hacking on systemd on Debian stable, a disk image can be built by
writing the following to mkosi.local.conf:
```
[Output]
Format=disk
```
To make things symmetric to the $SYSTEMD_SSH logic that the varlink
transport supports, let's also honour such a variable in sd-bus when
picking ssh transport.
This uses openssh 9.4's -W support for AF_UNIX. Unfortunately older versions
don't work with this, and I couldn't figure a way that would work for
older versions too, would not be racy and where we could still keep
track of the forked off ssh process.
Unfortunately, on older versions -W will just hang (because it tries to
resolve the AF_UNIX path as regular host name), which sucks, but hopefully this
issue will go away sooner or later on its own, as distributions update.
Fedora is still stuck at 9.3 at the time of posting this (even on
Fedora), even though 9.4, 9.5, 9.6 have all already been released by
now.
Example:
```
varlinkctl call -j ssh:root@somehost:/run/systemd/io.systemd.Credentials io.systemd.Credentials.Encrypt '{"text":"foobar"}'
```
Follow-up for b16c6076cb334c9da9602d4bafbf60381d6d630e
CID#1533111
Otherwise, udev workers cannot detect slow programs invoked by
IMPORT{program}=, PROGRAM=, or RUN=, and the whole worker process may be
killed.
Fixes #30436.
Co-authored-by: sushmbha <sushmita.bhattacharya@oracle.com>
Same as $KERNEL_INSTALL_BYPASS, but for hwdb. This will speed up
cross architecture image builds in mkosi as I can disable package
managers from running the costly hwdb update stuff in qemu user
mode and run it myself with a native systemd-hwdb with --root=.
No reason to make this file executable.
Doesn't make much sense to push RCs to the stable repository, just
do that in the final tag push.
Now that mkosi-kernel is a thing, this logic in systemd is just mostly
bitrotting since I just use mkosi-kernel these days. If I ever need to
hack on systemd and the kernel in tandem, I'll just add support for
building systemd to mkosi-kernel instead, so let's drop the support for
building a custom kernel in systemd's mkosi configuration.
Update to mkosi v19
- Use mkosi.images/ instead of mkosi.presets/
- Use the .chroot suffix to run scripts in the image
- Use BuildSources= match for the kernel build
- Move 10-systemd.conf to mkosi.conf and rely on mkosi.local.conf
for local configuration
| |
This code doesn't link when gcc+lld is used:
```
$ LDFLAGS=-fuse-ld=lld meson setup build-lld && ninja -C build-lld udevadm
...
ld.lld: error: src/shared/libsystemd-shared-255.a(libsystemd-shared-255.a.p/cryptsetup-util.c.o):
symbol crypt_token_external_path@@ has undefined version
collect2: error: ld returned 1 exit status
```
As a work-around, restrict it to developer mode.
Closes https://github.com/systemd/systemd/issues/30218.
don't let the devices be announced just as model "Linux". Let's instead
propagate the underlying block device's model. Also do something
reasonably smart for the serial and firmware version fields.
Fixes: #29759
The title applies to the whole page, not just the first section.
And there should be just one title ('# foo') in a given document.
Support confexts for portable services
Introduce a new env variable $SYSTEMD_NSPAWN_CHECK_OS_RELEASE, that can
be used to disable the os-release check for bootable OS trees. Useful
when trying to boot a container with empty /etc/ and bind-mounted /usr/.
Resolves: #29185
I tried to get something similar upstream:
https://gitlab.com/cryptsetup/cryptsetup/-/issues/846
But no luck, it was suggested I use ELF interposition instead. Hence,
let's do so (but not via ugly LD_PRELOAD, but simply by overriding the
relevant symbol natively in our own code).
This makes debugging tokens a ton easier.
established
Introduce the environment variable SYSTEMD_NSPAWN_NETWORK_MAC to allow
user-specified MAC address on container side.
Various refactoring in preparation for adding JSON dump to pid 1
Instead of using ExtraTrees=, let's use the new RuntimeTrees= option
to mount the full repository into the VM/container. Let's also store
the sources under /usr/src/systemd and update the gdbinit file and
vscode HACKING guide section to match the new location.
systemctl: automatically softreboot/kexec if set up on reboot
Automatically softreboot if the nextroot has been set up with an OS
tree, or automatically kexec if a kernel has been loaded with kexec
--load.
Add SYSTEMCTL_SKIP_AUTO_KEXEC and SYSTEMCTL_SKIP_AUTO_SOFT_REBOOT to
skip the automated switchover.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we have a 100ms delay which allows for people to enter/show
the boot menu even when timeout is set to zero.
In a handful of cases, that may not be needed - both in terms of access
policy, as well as latency.
For example: the option to provide the boot menu may be hidden behind an
"expert only" UX in the OS, to avoid end users accidentally
entering it.
In addition, the current 100ms input polling may cause unexpected
additional delays in the boot. Some example numbers from my SteamDeck:
- boot counting/rename/flush doubles 300us -> 600us
- seed/hash setup doubles 900us -> 1800us
- kernel/image load gets ~40% slower 107ms -> 167ms
It's not entirely clear why the UEFI calls get slower, nevertheless the
information in itself proves useful.
This commit introduces a new option "menu-disabled", which omits the
100ms delay. The option is documented throughout the manual pages as
well as the Boot Loader Specification.
v2:
- use STR_IN_SET
v3:
- drop erroneous whitespace
v4:
- add a new LoaderFeature bit,
- don't change ABI keep TIMEOUT_* tokens the same
- move new token in the 64bit range, update API and storage for it
- change inc/dec behaviour to TIMEOUT_MIN : TIMEOUT_MENU_FORCE
- user cannot opt-in from sd-boot itself, add assert_not_reached()
v5:
- s/Menu disablement control/Menu can be disabled/
- rewrap comments to 109
- use SYNTHETIC_ERRNO(EOPNOTSUPP)
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
To be on the safe side, explicitly mention that apart from the numerical
entries we can allow string ones.
Implementation-wise, bootctl will use internal numerical values that
match sd-boot's ABI. The latter also accepts the string options.
Going forward we'd like to avoid adding more internal magic and be more
explicit.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Fixes #29590
coredump: support forwarding coredumps to containers
varlink: add a couple of tests + accompanying fixes
Currently we spawn services by forking a child process, doing a bunch
of work, and then exec'ing the service executable.
There are some advantages to this approach:
- quick: we immediately have access to all the enormous amount of
state simply by virtue of sharing the memory with the parent
- easy to refactor and add features
- part of the same binary, will never be out of sync
There are however significant drawbacks:
- doing work after fork and before exec is against glibc's supported
case for several APIs we call
- copy-on-write trap: anytime any memory is touched in either parent
or child, a copy of that page will be triggered
- memory footprint of the child process will be memory footprint of
PID1, but using the cgroup memory limits of the unit
The last issue is especially problematic on resource constrained
systems where hard memory caps are enforced and swap is not allowed.
As soon as PID1 is under load, with no page out due to no swap, and a
service with a low MemoryMax= tries to start, hilarity ensues.
Add a new systemd-executor binary, that is able to receive all the
required state via memfd, deserialize it, prepare the appropriate
data structures and call exec_child.
Use posix_spawn which uses CLONE_VM + CLONE_VFORK, to ensure there is
no copy-on-write (same address space will be used, and parent process
will be frozen, until exec).
The sd-executor binary is pinned by FD on startup, so that we can
guarantee there will be no incompatibilities during upgrades.
This disappeared in 1e8f5f79e1b6ae2b4115df280c626b71c54a5bb6, let's
restore it.
It will refuse running on any other branch than main or stable branches.
Also update the release instructions to run it on the stable branch.
Improvements to the doc-sync target
|
| |
| |
| |
| | |
also update the release instructions to push release candidates to -stable
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Results in:
```
- EventNum: 26
  PCRIndex: 5
  EventType: EV_EVENT_TAG
  DigestCount: 4
  Digests:
  - AlgorithmId: sha1
    Digest: 155fb999ca61ba8c7b1f1d87cee821f772ef084a
  - AlgorithmId: sha256
    Digest: 4c26adf231603613afc00bb3d5cad046aec6a525ca01262417c7085caab452b5
  - AlgorithmId: sha384
    Digest: 3e0758cb6605ac274e55d747bf29ee3474fc4413cd5e7a451d1375219cd7f08a30fc915a8df7131657ca78b82b9ccec8
  - AlgorithmId: sha512
    Digest: e32d905b9092c543802f386db9a397d9b6593bdb8360fb747a6d23e491a09595fec8699184cc790d0873a3d52ed16d045538f0c73ece48278fae0fb6ed9b4ed6
  EventSize: 32
  Event: 2a58bcf5180000006c006f0061006400650072002e0063006f006e0066000000
```
Same as kernel command line addons.
Let's mention that we just need the latest stable release of mkosi,
not the latest git commit. We also split the instructions for building
on the host and the instructions for building with mkosi into two blocks,
as it's not required to build on the host anymore to build with mkosi.