| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's replace the "compat" module in our proposed nsswitch.conf
configuration with "files", since it is not 1995 anymore.
Fedora and other distros have deprecated and removed NIS support a while
back. While others still retain some support I am not sure we should
advertise it in our examples. Downstream can of course still use
"compat" instead of "files" if they want to, but let's not confuse
people who don't care about NIS anymore with this.
Also, bring the nsswitch.conf snippet in README in line with what our
man pages say.
Also see: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
|
|
|
|
|
|
|
| |
Allow defining the default keymap to be used by
vconsole-setup through a build option. A template
vconsole.conf also gets populated by tmpfiles if
it doesn't exist.
|
|
|
|
|
|
|
|
|
| |
GIT_VERSION is not available as a config.h variable, because it's rendered
into version.h during builds. Let's rework jinja2 rendering to also
parse version.h. No functional change, the new variable is so far unused.
I guess this will make partial rebuilds a bit slower, but it's useful
to be able to use the full version string.
|
|
|
|
|
|
| |
This explicitly mentions that comments and empty lines are supported
(and ignored) in /etc/locale.conf. It then adds ownership reference
to the factory default.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds /etc/locale.conf to the set of configuration files
populated by tmpfiles.d factory /etc handling.
In particular, the build-time locale configuration in systemd is
now wired to a /usr factory file, and installed to the system.
On boot, if other locale customization tools did not write
/etc/locale.conf on the system, the factory default file gets
copied to /etc by systemd-tmpfiles.
This is done in order to avoid skews between different system
components when no locale settings are configured. At that point,
systemd can safely act as the fallback owner of /etc/locale.conf.
|
|
|
|
|
|
|
|
| |
This was a copy/paste mistae apparently, there's not "try_authtok" and
this was supposed to copy what Fedora uses, which uses "use_authtok"
correctly. Hence adjust this.
Fixes: #19369
|
|
|
|
|
|
|
| |
This ensures we not only synthesize regular paswd/group records of
userdb records, but shadow records as well. This should make sure that
userdb can be used as comprehensive superset of the classic
passwd/group/shadow/gshadow functionality.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I am pretty sure /etc/hosts (i.e. an explicitly configured, local,
trusted database) should be useful for overriding the automatic
myhostname logic.
resolved's internal logic handles it that way and hence we should
suggest it in the NSS fallback line, too.
Let's also bring the factory file back into sync with what the docs say.
And update the prose a bit too, to actually match what we recommend.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we make the user/group name resolving available via userdb and
thus nss-systemd, we do not need the UID/GID resolving support in
nss-mymachines anymore. Let's drop it hence.
We keep the module around, since besides UID/GID resolving it also does
hostname resolving, which we care about. (One of those days we should
replace that by some Varlink logic between
nss-resolve/systemd-resolved.service too)
The hooks are kept in the NSS module, but they do not resolve anything
anymore, in order to keep compat at a maximum.
|
|
|
|
| |
In a way fixes: https://bugs.freedesktop.org/show_bug.cgi?id=67474
|
|
|
|
|
|
|
|
|
|
|
| |
This changes nss-systemd to use the new varlink user/group APIs for
looking up everything.
(This also changes the factory /etc/nsswitch.conf line to use for
hooking up nss-system to use glibc's [SUCCESS=merge] feature so that we
can properly merge group membership lists).
Fixes: #12492
|
|
|
|
|
|
| |
Booting up an image with --volatile=yes otherwise looks so naked, so
let's include this file in the default factory too. It's common and
simple and should be safe to ship.
|
|
|
|
|
| |
We use the keyring, so let's make sure it gets properly initialized for
sessions in factory reset mode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently PAM reacts differently on different systems (?) and if no
authoritative matching module is found might either succeed/fail,
depending on the system.
Let's lock this down explicitly, by hooking in pam_deny.so.
Of course, these PAM files are just examples, and no distro in its right
mind would ship these unmodified, but let's default to something safe.
Fixes: #12950
|
|
|
|
|
| |
Also add a note in the man pages to remind people to adjust the factory config
and other man pages at the same time.
|
|
|
|
|
|
|
|
| |
Stupid PAM, please just go away!
login[26]: pam_limits(login:session): error parsing the configuration file: '/etc/security/limits.conf'
login[26]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
login[26]: Error in service module
|
| |
|
| |
|
|
Single PAM fallback config file to be used in /etc to allow
bootstrapping of a system with an empty /etc.
|