path: root/man/rules
Commit message    Author    Age    Files    Lines
* Introduce systemd-keyutil to do various key/certificate operations    Daan De Meyer    2024-11-08    1    -0/+1
|
| Let's gather generic key/certificate operations in a new tool systemd-keyutil instead of spreading them across various special purpose tools.
|
| Fixes #35087
* man: run update-man-rules    Luca Boccassi    2024-11-06    1    -0/+1
|
* man: add brief entrypoint man page for sd-varlink    Lennart Poettering    2024-11-05    1    -0/+1
|
| We have this in a similar fashion for the other APIs libsystemd provides. Add the same for sd-varlink. There isn't too much on it for now, but at least it's a start.
|
| Also link it up everywhere.
* meson: add separate option for sysupdated, disable in release builds    Zbigniew Jędrzejewski-Szmek    2024-10-31    1    -3/+3
|
| This commit introduces a build-time option to enable/disable sysupdated separately from sysupdate. 'auto' translated to enabled by default in developer builds.
* sysupdate: Introduce optional features    Adrian Vovk    2024-10-18    1    -0/+1
|
| Optional features allow distros to define sets of transfers that can be enabled or disabled by the system administrator. This is useful for situations where a distro may want to ship some resources version-locked to the core OS, but many people have no need for the resource, such as: development tools/compilers, drivers for specialized hardware, language packs, etc
|
| We also rename sysupdate.d/*.conf -> sysupdate.d/*.transfer, because now there is more than one type of definition in sysupdate.d/. For backwards compat, we still load *.conf files as long as no *.transfer files are found and the *.conf files don't try to declare themselves as part of any features
|
| Fixes https://github.com/systemd/systemd/issues/33343
| Fixes https://github.com/systemd/systemd/issues/33344
* man: add basic documents for org.freedesktop.timesync1    Yu Watanabe    2024-09-10    1    -0/+1
|
| Closes #34352.
* sd-device: make device_get_device_id() public    Yu Watanabe    2024-08-27    1    -1/+2
|
| We have already exposed sd_device_new_from_device_id(), but we have never provided a way to get the device ID from an existing sd_device object.
* sd-device: introduce sd_device_get_driver_subsystem()    Yu Watanabe    2024-08-27    1    -0/+1
|
| To create the sd_device object of a driver, the function sd_device_new_from_subsystem_sysname() requires "drivers" for subsystem and e.g. "pci:iwlwifi" for sysname. Similarly, sd_device_new_from_device_id() also requires driver subsystem.
|
| However, we have never provided a way to get the driver subsystem ("pci" for the previous example) from an existing sd_device object.
|
| Let's introduce a way to get driver subsystem.
* sysupdate: Implement updatectl    Adrian Vovk    2024-08-21    1    -0/+1
|
| This is the command-line tool to manage systemd-sysupdated
|
| Co-authored-by: Tom Coldrick <thomas.coldrick@codethink.co.uk>
| Co-authored-by: Abderrahim Kitouni <abderrahim.kitouni@codethink.co.uk>
* sysupdate: Implement systemd-sysupdated dbus service    Adrian Vovk    2024-08-21    1    -0/+5
|
| Co-authored-by: Tom Coldrick <thomas.coldrick@codethink.co.uk>
| Co-authored-by: Abderrahim Kitouni <abderrahim.kitouni@codethink.co.uk>
* import: add generator that synthesizes download jobs from kernel cmdline    Lennart Poettering    2024-06-25    1    -0/+1
|
* man: add brief intro page to new sd-json APIs    Lennart Poettering    2024-06-12    1    -0/+1
|
* sd-bus: add new sd_bus_pending_method_calls() call    Lennart Poettering    2024-06-12    1    -0/+1
|
* man: run update-man-rules again    Lennart Poettering    2024-04-22    1    -1/+2
|
* mountfsd: add new systemd-mountfsd component    Lennart Poettering    2024-04-06    1    -0/+1
|
* nsresourced: add new daemon for granting clients user namespaces and assigning resources to them    Lennart Poettering    2024-04-06    1    -0/+4
|
| This adds a small, socket-activated Varlink daemon that can delegate UID ranges for user namespaces to clients asking for it.
|
| The primary call is AllocateUserRange() where the user passes in an uninitialized userns fd, which is then set up.
|
| There are other calls that allow assigning a mount fd to a userns allocated that way, to set up permissions for a cgroup subtree, and to allocate a veth for such a user namespace.
|
| Since the UID assignments are supposed to be transitive, i.e. not permanent, care is taken to ensure that users cannot create inodes owned by these UIDs, so that persistence cannot be acquired. This is implemented via a BPF-LSM module that ensures that any member of a userns allocated that way cannot create files unless the mount it operates on is owned by the userns itself, or is explicitly allowlisted.
|
| BPF LSM program with contributions from Alexei Starovoitov.
* man: regenerate rules    Zbigniew Jędrzejewski-Szmek    2024-04-04    1    -1/+1
|
| Fixup for dfad86b83807fa8696ca94982a5ba591b6d86a80.
* units: introduce systemd-hibernate-clear.service that clears    Mike Yuan    2024-04-03    1    -1/+1
|
| stale HibernateLocation EFI variable
|
| Currently, if the HibernateLocation EFI variable exists, but we failed to resume from it, the boot carries on without clearing the stale variable. Therefore, the subsequent boots would still be waiting for the device timeout, unless the variable is purged manually.
|
| There's no point to keep trying to resume after a successful switch-root, because the hibernation image state would have been invalidated by then. OTOH, we don't want to clear the variable prematurely either, i.e. in initrd, since if the resume device is the same as root one, the boot won't succeed and the user might be able to try resuming again.
|
| So, let's introduce a unit that only runs after switch-root and clears the var.
|
| Fixes #32021
* Merge pull request #29721 from poettering/systemd-project    Zbigniew Jędrzejewski-Szmek    2024-03-26    1    -0/+1
|\
| |
| | New capsule@.service feature
| * man: document the new concepts    Lennart Poettering    2024-03-14    1    -0/+1
| |
* | man: Install sysext man pages when ENABLE_SYSEXT is true    Krzesimir Nowak    2024-03-25    1    -1/+1
| |
* | Rename uid0 to run0    Zbigniew Jędrzejewski-Szmek    2024-03-19    1    -1/+1
| |
| | Naming is always a matter of preference, and the old name would certainly work, but I think the new one has the following advantages:
| | - A verb is better than a noun.
| | - The name is more similar to "the competition", i.e. 'sudo', 'pkexec', 'runas', 'doas', which generally include an action verb.
| | - The connection between 'systemd-run' and 'run0' is more obvious.
| |
| | There has been no release yet with the old name, so we can rename without caring for backwards compatibility.
* | sd-journal: introduce sd_journal_stream_fd_with_namespace    Mike Yuan    2024-03-14    1    -1/+1
|/
* man: fix systemd-measure manpage conditional    Luca Boccassi    2024-03-10    1    -1/+1
|
| Follow-up for ec3cf73f303cf99ba73c91b734401b3ad2c218e9
* meson/man: allow man pages to use multiple conditions    Zbigniew Jędrzejewski-Szmek    2024-03-06    1    -7/+7
|
| This way the man pages are installed only when the corresponding binary is installed. The conditions in man pages and man/rules/meson.build are adjusted to match the conditions for units in units/meson.build.
* man: document new importctl/importd functionality    Lennart Poettering    2024-03-01    1    -0/+1
|
| This also replaces the Fedora download example with another one from Ubuntu, since Fedora's images these days no longer qualify as DDIs, they have no distinctive partition type UUIDs set for multiple of their partitions, hence the images cannot be booted. A bit sad. Let's provide a command that just works in its place.
* man: always install bootctl    Franck Bui    2024-01-31    1    -1/+1
|
| Since dedb925eafee8214ae565b861dfacfc02085f158 /usr/bin/bootctl is always built so does its man page.
* man: document the new APIs    Lennart Poettering    2024-01-29    1    -0/+2
|
* Merge pull request #30867 from dtardon/udev-conf-dropins    Yu Watanabe    2024-01-11    1    -1/+1
|\
| |
| | Allow dropins for udev.conf
| * man: update udev.conf man page    David Tardon    2024-01-11    1    -1/+1
| |
* | ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets    Lennart Poettering    2024-01-11    1    -0/+1
| |
| | This adds a tiny binary that is hooked into SSH client config via ProxyCommand and which simply connects to an AF_UNIX or AF_VSOCK socket of choice.
| |
| | The syntax is as simple as this:
| |
| |     ssh unix/some/path     # (this connects to AF_UNIX socket /some/path)
| |
| | or:
| |
| |     ssh vsock/4711
| |
| | I used "/" as separator of the protocol ID and the value since ":" is already taken by SSH itself when doing sftp. And "@" is already taken for separating the user name.
* | ssh-generator: add simple new generator    Lennart Poettering    2024-01-11    1    -0/+1
|/
* man: document the new vpick concept    Lennart Poettering    2024-01-03    1    -0/+2
|
* units: add a tpm2.target synchronization point and small generator that pulls in    Lennart Poettering    2024-01-03    1    -0/+1
|
| Distributions apparently only compile a subset of TPM2 drivers into the kernel. For those not compiled in but provided as kmod we need a synchronization point: we must wait before the first TPM2 interaction until the driver is available and accessible.
|
| This adds a tpm2.target unit as such a synchronization point. It's ordered after /dev/tpmrm0, and is pulled in by a generator whenever we detect that the kernel reported a TPM2 to exist but we have no device for it yet.
|
| This should solve the issue, but might create problems: if there are TPM devices supported by firmware that we don't have Linux drivers for we'll hang for a bit. Hence let's add a kernel cmdline switch to disable (or alternatively force) this logic.
|
| Fixes: #30164
* man: conditionalize sd-pcrlock and sd-measure on the same variable as their binaries    Luca Boccassi    2023-12-23    1    -2/+2
|
| The binaries are built and installed if HAVE_TPM2 is set, and ignore ENABLE_BOOTLOADER, so do the same for the manpages.
|
| For the sd-pcrlock case this also installs the manpage aliases for the units, which are not installed with -Dbootloader=disabled, but there's no way to conditionalize the aliases, so on balance it's better to have too much documentation rather than too little.
|
| Fixes https://github.com/systemd/systemd/issues/30588
* run: when invoked as "uid0", expose some sudo-like behaviour    Lennart Poettering    2023-12-21    1    -0/+1
|
| This turns "systemd-run" into a multi-call binary. When invoked under the name "uid0", then it behaves a bit more like traditional "sudo". This mostly means defaults appropriate for that, for example a PAM stack, interactivity and more.
|
| Fixes: #29199
* homectl: add "firstboot" command    Lennart Poettering    2023-12-18    1    -1/+1
|
| This extends what systemd-firstboot does and runs on first boots only and either processes user records passed in via credentials to create, or asks the user interactively to create one (only if no regular user exists yet).
* Merge pull request #28891 from poettering/pcrlock    Luca Boccassi    2023-11-03    1    -0/+11
|\
| |
| | new pcrlock tool for generating signed PCR policies for PCR 0, 1, 4, …
| * man: document pcrlock    Lennart Poettering    2023-11-03    1    -0/+11
| |
* | Merge pull request #29508 from CodethinkLabs/systemd-vmspawn-pr    Luca Boccassi    2023-11-03    1    -0/+1
|\ \
| |/
|/|
| | systemd-vmspawn implementation that only supports disk images
| * vmspawn: created man page    Sam Leonard    2023-11-02    1    -0/+1
| |
* | man: add docs for new storagetm service    Lennart Poettering    2023-11-02    1    -0/+1
|/
* man: run ninja update-man-rules again    Lennart Poettering    2023-11-01    1    -3/+3
|
| Apparently this has been forgotten a couple of times.
* New PAM module: pam_systemd_loadkey    Jin Liu    2023-10-31    1    -0/+1
|
| This module reads password from kernel keyring and sets it as PAM authtok. It's inspired by gdm's pam_gdm, which reads the LUKS password stored by systemd-cryptsetup, so Gnome Keyring can be automatically unlocked if set to the same password (when autologin is enabled so the user doesn't enter a password in gdm).
* meson: Always build systemd-measure    Daan De Meyer    2023-10-25    1    -1/+1
|
| Same idea as with bootctl, we might be doing image builds from a system that doesn't boot with UEFI but we still might want to measure stuff for the image we're building so let's not gate this behind ENABLE_BOOTLOADER.
* meson: Always build bootctl    Daan De Meyer    2023-10-25    1    -1/+1
|
| bootctl is rather useful to have, even if on a system without UEFI, as it has a number of verbs that are unrelated to UEFI (e.g kernel-identify), and more importantly, it supports --root to operate on directory trees (which could be intended to be deployed on UEFI) so let's make sure we always build it.
* varlinkctl: add new varlinkctl tool    Lennart Poettering    2023-10-06    1    -0/+1
|
* tpm2-setup: add new early boot tool for initializing the SRK    Lennart Poettering    2023-09-29    1    -0/+4
|
| This adds an explicit service for initializing the TPM2 SRK. This is implicitly also done by systemd-cryptsetup, hence strictly speaking redundant, but doing this early has the benefit that we can parallelize this in a nicer way.
|
| This also writes a copy of the SRK public key in PEM format to /run/ + /var/lib/, thus pinning the disk image to the TPM. Making the SRK public key is also useful for allowing easy offline encryption for a specific TPM.
|
| Sooner or later we should probably grow what this service does, the above is just the first step. For example, the service should probably offer the ability to reset the TPM (clear the owner hierarchy?) on a factory reset, if such a policy is needed. And we might want to install some default AK (?).
|
| Fixes: #27986
| Also see: #22637
* Merge pull request #29296 from keszybz/make-cryptsetup-offical-and-add-docs    Luca Boccassi    2023-09-27    1    -2/+2
|\
| |
| | Make cryptsetup official and add docs
| * man: rename systemd-cryptsetup@.service → systemd-cryptsetup    Zbigniew Jędrzejewski-Szmek    2023-09-26    1    -2/+2
| |
| | We already had the other name as alias, so this just changes what is the "main" name. The text is adjusted to describe the command briefly.