| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
| |
set-hostname is obsolete
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Let's allow filtering the partitions to operate on by partition
type UUID. This is necessary when building bootable images with a
verity protected root/usr partition as we can only build the UKI
image when we have the verity roothash which means we cannot populate
the EFI partition yet when we run repart initially to determine the
verity roothash.
|
| |\
| |
| | |
repart: Add Minimize setting
|
| | |
| |
| |
| |
| |
| |
| | |
Instead of requiring users to guess the required space for partitions
populated with CopyFiles=, let's make an educated guess ourselves. We
can populate the filesystem once in a very large sparse file and see
how much data is actually used as a good indicator of the required size.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
A copy paste error has crippled in the objcopy example in 'systemd-measure'
manual, "--change-section-vma" should reference the section being added,
not ".splash". When used as-is, the resulting UKI is unbootable.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
| |
Also fix indentation.
|
| | |
|
| |
|
|
| |
Follow-up to c9615f7352 and 70666e28a1.
|
| |
|
|
|
|
|
|
|
| |
Instead of succeeding when either the firmware reports a TPM device
or we find a TPM device, let's check that the firmware reports a TPM
device and the TPM subsystem is enabled in the kernel.
To check whether the subsystem enabled, we check if the relevant
subdirectory in /sys exists at all.
|
| | |
|
| |
|
| |
* sd-bus: convenience functions to emit a signal to a destination
|
| |
|
|
|
|
|
|
|
|
|
| |
To support predictable interface names in various embeeded systems
add support for an additional naming scheming using the USB host
interface. Several asics have usb controllers that are platform
devices and not children of a pci interface. These embedded systems
should be able to enumerate interfaces by udev path as well to support
configurations and policies.
Signed-off-by: Charles Hardin <charles.hardin@chargepoint.com>
|
| |
|
|
|
| |
New option to print the paths of all the files and directories in the image to
stdout.
|
| |\
| |
| | |
network: adjust route metric based on router preference
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Even if different preference is specified, the kernel merges multiple
routes with the same preference. This is problematic when a network has
multiple routers.
Fixes #25138.
|
| | |
| |
| |
| | |
systemd-run/at/crontab and such things
|
| | | |
|
| | |
| |
| |
| |
| | |
Fixes #25177.
Co-authored-by: Steve Ramage <gitcommits@sjrx.net>
|
| | |
| |
| |
| |
| | |
When reboot is invoked, the -p/--poweroff option is intentionally
ignored. Update the man page to reflect this exception.
|
| |/ |
|
| |\
| |
| | |
Change license of code examples in docs to MIT-0
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Quoting Richard Fontana in [1]:
CC0 has been listed by Fedora as a 'good' license for code and content
(corresponding to allowed and allowed-content under the new system). We plan
to classify CC0 as allowed-content only, so that CC0 would no longer be
allowed for code.
Over a long period of time a consensus has been building in FOSS that
licenses that preclude any form of patent licensing or patent forbearance
cannot be considered FOSS. CC0 has a clause that says: "No trademark or
patent rights held by Affirmer are waived, abandoned, surrendered, licensed
or otherwise affected by this document." (The trademark side of that clause
is nonproblematic from a FOSS licensing norms standpoint.) The regular
Creative Commons licenses have similar clauses.
For the case of our documentation snippets, patent issues do not matter much.
But it is always nicer to have a license that is considerred acceptable without
any further considerations. So let's change the license to the (now recommended
replacement) MIT-0.
[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/NO7KGDNL5GX3KCB7T3XTGFA3QPSUJA6R/
Using 'git blame -b' and 'git log -p --follow', I identified the following
folks as having made non-trivial changes to those snippets:
Lennart Poettering
Tom Gundersen
Luca Bocassi
Zbigniew Jędrzejewski-Szmek
Thomas Mühlbacher
Daan De Meyer
I'll ask for confirmation in the pull request.
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Refusing linking files underneath our hierarchy, improve error messages
|
| | |
| |
| |
| | |
We said "search path" and "search paths" in the same sentence…
|
| |\ \
| | |
| | | |
Fix completions when machinectl is not installed and other fixes
|
| | |/
| |
| |
| | |
Sometimes the addresses are not important, so allow skipping them in output.
|
| |/
|
|
| |
Relates to #25061.
|
| |
|
|
|
|
|
|
| |
Let's document that "." is a bad choice of character when naming
interfaces. Let's also document the hard restrictions we make when
naming interfaces.
Result of the mess that is #25052.
|
| |\
| |
| | |
manager: rename dbus method
|
| | | |
|
| | |
| |
| |
| | |
Fixes #24989.
|
| |\ \
| | |
| | | |
Manager method names
|
| | |/ |
|
| | | |
|
| |\ \
| | |
| | | |
Remove usage of "noun(s)" in messages and docs
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.
There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
|
| |\ \
| | |
| | | |
NEWS: rework the description of systemd-measure a bit again
|
| | |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds two more phases to the PCR boot phase logic: "sysinit" +
"final".
The "sysinit" one is placed between sysinit.target and basic.target.
It's good to have a milestone in this place, since this is after all
file systems/LUKS volumes are in place (which sooner or later should
result in measurements of their own) and before services are started
(where we should be able to rely on them to be complete).
This is particularly useful to make certain secrets available for
mounting secondary file systems, but making them unavailable later.
This breaks API in a way (as measurements during runtime will change),
but given that the pcrphase stuff wasn't realeased yet should be OK.
|
| | | |
|
| | |
| |
| |
| |
| | |
Include verity sig partition identifiers.
List all supported CPU architectures.
|
| |/
|
|
|
|
|
| |
Note --private-key and --certificate options for configuring
verity signature partitions in the listing of options.
Adjust one error message referring to the --certificate option.
|
| |
|
|
|
|
|
|
|
|
| |
The new function DumpPatterns() can be used to limit (drastically) the size of
the data returned by PID1. Hence the optimization of serializing data into a
file descriptor should be less relevant than having the possibility to limit
the data when communicating with the service manager remotely.
NB: when passing patterns, the dump command omits the version of the manager as
well as the features and the timestamps.
|
