path: root/meson_options.txt
Commit message (Author, Age, Files, Lines)
* core: split system/user job timeouts and make them configurable (Zbigniew Jędrzejewski-Szmek, 2023-02-01, 1 file, -2/+6)
| Config options are -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec=. Existing -Dupdate-helper-user-timeout= is renamed to -Dupdate-helper-user-timeout-sec= for consistency. All three options take an integer value in seconds. The renaming and type-change of the option is a small compat break, but it's just at compile time and results in a clear error message. I also doubt that anyone was actually using the option.
| This commit separates the user manager timeouts, but keeps them unchanged at 90 s. The timeout for the user manager is set to 4/3*user-timeout, which means that it is still 120 s.
| Fedora wants to experiment with lower timeouts, but doing this via a patch would be annoying and more work than necessary. Let's make this easy to configure.
* boot: Remove option TPM PCR compat option (Jan Janssen, 2023-01-09, 1 file, -2/+0)
| It says remove in 2023; happy to oblige.
* meson,ukify: hook up ukify, add --version option (Zbigniew Jędrzejewski-Szmek, 2022-12-07, 1 file, -0/+2)
| The option is added because we have a similar one for kernel-install. This program requires python, and some people might want to skip it because of this.
| The tool is installed in /usr/lib/systemd for now, since the interface might change.
| A template file is used, but there is no .in suffix. The problem is that we'll later want to import the file as a module for tests, but recent Python versions make it annoyingly hard to import a module from a file without a .py suffix. imp.load_sources() works, but it is deprecated and throws warnings. importlib.machinery.SourceFileLoader().load_module() works, but is also deprecated. And the documented replacements are a maze of twisted little callbacks that result in an empty module. So let's take the easy way out, and skip the suffix which makes it easy to import the template as a module after adding the directory to sys.path.
* shutdown: Add Xen kexec support (Samuel Thibault, 2022-11-02, 1 file, -0/+2)
| In the Xen case, it's the hypervisor which manages kexec. We thus have to ask it whether a kernel is loaded, instead of relying on /sys/kernel/kexec_loaded.
* core: allow disabling system time correction if rtc returns time far in the future (Franck Bui, 2022-08-24, 1 file, -1/+1)
| There might be (embedded) systems that never get updated (things like e.g. entertainment systems of trains, for example) and where the adjustment of the system clock (introduced by b10abe4bba61aebe4c667c412741193f11886298) would do the wrong thing even if the difference between the systemd build time and the rtc is 15 years or more.
| This patch allows disabling the adjustment by setting 'clock-valid-range-usec-max' meson option to 0 or to a negative value.
* meson: fix type for many build options (Eli Schwartz, 2022-07-30, 1 file, -14/+14)
| Integers and booleans are supposed to be actual integers and booleans, not strings describing their value, but Meson silently accepted either one. It's still wrong to do it though, and other implementations of Meson such as muon choke on it.
* meson: use 0 for default uids, gids, and time epoch (Yu Watanabe, 2022-07-30, 1 file, -25/+25)
| 0 UID and GID are special, and should not be acceptable for the settings. Hence, we can handle 0 as unset.
| Strictly speaking, time epoch with 0 is valid, but I guess no one uses 0 as a valid value.
* journalctl: allow statically linked build (James Hilliard, 2022-07-29, 1 file, -0/+2)
| The journalctl tool may be needed on cross compilation hosts in order to run --update-catalog against a target rootfs.
| To avoid reliability issues caused by shared linking allow journalctl to be linked statically.
* smack: Add DefaultSmackProcessLabel to user.conf and system.conf (Łukasz Stelmach, 2022-07-12, 1 file, -0/+2)
| DefaultSmackProcessLabel tells systemd what label to assign to its child process in case SmackProcessLabel is not set in the service file. By default, when DefaultSmackProcessLabel is not set child processes inherit label from systemd.
| If DefaultSmackProcessLabel is set to "/" (which is an invalid character for a SMACK label) the DEFAULT_SMACK_PROCESS_LABEL set during compilation is ignored and systemd acts as if the option was unset.
* Merge pull request #15205 from jlebon/pr/preset-all-firstboot (Zbigniew Jędrzejewski-Szmek, 2022-07-06, 1 file, -0/+2)
|\
| | manager: optionally, do a full preset on first boot
| * manager: optionally, do a full preset on first boot (Jonathan Lebon, 2022-05-04, 1 file, -0/+2)
| | A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour.
| | (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.)
| | With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled.
| | Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: https://github.com/coreos/fedora-coreos-config/pull/77).
| | For example, the composed FCOS image has an `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service.
| | This is essentially a revert of 304b3079a203. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster.
| | Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392
| | Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* | Merge pull request #23683 from keszybz/status-format (Zbigniew Jędrzejewski-Szmek, 2022-06-10, 1 file, -1/+1)
|\ \
| | | Default to default-status-unit-format=name in developer mode
| * | meson: use status-unit-format-default=name in developer mode (Zbigniew Jędrzejewski-Szmek, 2022-06-10, 1 file, -1/+1)
| | | I think developers are particularly unlikely to find the descriptions useful, and would benefit from being able to copy&paste unit names. Let's make this choice automatically.
* | | meson: add experimental bpf-gcc compiler support (James Hilliard, 2022-06-10, 1 file, -0/+2)
|/ /
| | Not fully working but should make it easier to clean up remaining issues.
* | meson: Add nspawn-locale meson option (Daan De Meyer, 2022-06-09, 1 file, -0/+2)
| | https://github.com/systemd/systemd/pull/23192 caused breakage in Arch Linux's build tooling. Let's give users an opt-out aside from reverting the patch. It's hardly any maintenance work on our side and gives users an easy way to revert the locale change if needed.
| | Of course, by default we still pick C.UTF-8 if the option is not specified.
* | meson: Switch default-locale default to C.UTF-8 (Daan De Meyer, 2022-06-03, 1 file, -1/+1)
| | We're already using C.UTF-8 as the default locale for nspawn. Let's make the same change for the default-locale option instead of deciding what to use based on the locale used by the host system. Users can still override the locale using the default-locale option if needed.
* | meson: turn on log-message-verification by default in developer builds (Zbigniew Jędrzejewski-Szmek, 2022-05-11, 1 file, -1/+1)
| | I'm not _quite_ convinced that this is a good idea… I'm at least keeping it separate to make it easy to revert ;)
* | Optionally call printf on LOG_MESSAGE() arguments (Zbigniew Jędrzejewski-Szmek, 2022-05-11, 1 file, -0/+2)
|/
| With an intentional mistake:
|
| ../src/login/logind-dbus.c: In function ‘bus_manager_log_shutdown’:
| ../src/login/logind-dbus.c:1542:39: error: format ‘%s’ expects a matching ‘char *’ argument [-Werror=format=]
|  1542 | LOG_MESSAGE("%s %s", message),
|       | ^~~~~~~
* compression: add build-time option to select default (Luca Boccassi, 2022-04-17, 1 file, -0/+2)
| Compression and decompression are controlled by the same build flag, so if one wants to use, say, LZ4 to compress, ZSTD has to be disabled, which means one loses the ability to read zstd-compressed journals.
| Add a default-compression meson option, that allows to select any of the available compression algorithms as the default.
* meson: Add efi-cflags option (Jan Janssen, 2022-04-07, 1 file, -0/+2)
|
* Use new default-user-shell option instead of hard-coding bash in nspawn and user-record (наб, 2022-03-28, 1 file, -0/+2)
| Defaults to /bin/bash, no changes in the default configuration
| The fallback shell for non-root users is as-specified, and the interactive shell for nspawn sessions is started as exec(default-user-shell, "-" + basename(default-user-shell), ...) before falling through to bash and sh
* sysupdate: add new component "sysupdate" (Lennart Poettering, 2022-03-19, 1 file, -0/+2)
|
* sd-boot: measure kernel cmdline into PCR 12 rather than 8 (Lennart Poettering, 2022-03-16, 1 file, -0/+2)
| Apparently Grub is measuring all kinds of garbage into PCR 8. Since people apparently chainload sd-boot from grub, let's thus stay away from PCR 8, and use PCR 12 instead for the kernel command line.
| As discussed here: #22635
| Fixes: #22635
* meson: allow skipping optional dependencies (Evgeny Vereshchagin, 2022-02-22, 1 file, -0/+3)
| mostly to make sure that systemd is buildable without some dependencies but other than that it should make it easier to build it with MSan without having to compile all the dependencies with MSan.
* meson: Remove efi-cc option (Jan Janssen, 2022-01-02, 1 file, -2/+0)
| Changing the efi compiler this way doesn't really work. The gnu-efi header checks as well as supported compiler flag checks use the regular cc that meson detects. Changing the compiler this way will end up with bad compiler flags. For the very same reason, this does not work with a cross-compiler without going through proper meson cross-compilation steps either.
| The proper way to build systemd-boot with a different compiler is to use a different build folder and then just use the proper ninja build target to only build the bootloader/stub.
* meson: move dbus-interfaces-dir (Yu Watanabe, 2021-12-28, 1 file, -3/+2)
|
* meson: allow specifying a custom "tag" for the private shared libraries (Zbigniew Jędrzejewski-Szmek, 2021-12-25, 1 file, -0/+2)
| We have /usr/lib/systemd/libsystemd-{shared,core}-nnn.so. With this path the 'nnn' part can be changed to something different. The idea is that during a package build this will be set to the package version. This way during in-place upgrades with the same major version both the new and old libraries can coexist. This should fix the issue when systemd programs are called during package upgrades and fail to exec because they expect different symbols in the library they are linked to.
| This should fix https://bugzilla.redhat.com/show_bug.cgi?id=1906010.
* boot, meson: allow statically linked build (Robert Scheck, 2021-12-14, 1 file, -0/+3)
| Build option "link-boot-shared" to build a statically linked bootctl and systemd-bless-boot by using -Dlink-boot-shared=false on systems with full systemd stack except bootctl and systemd-bless-boot, such as CentOS/RHEL 9.
* meson: Auto detect efi-ld (Jan Janssen, 2021-12-11, 1 file, -1/+1)
|
* Export D-Bus interfaces to /usr/share/dbus-1/interfaces (igo95862, 2021-12-10, 1 file, -0/+3)
| Pass -Ddbus-interfaces-dir=no to meson to disable export
| Interfaces from:
|   org.freedesktop.home1
|   org.freedesktop.hostname1
|   org.freedesktop.import1
|   org.freedesktop.locale1
|   org.freedesktop.LogControl1
|   org.freedesktop.login1
|   org.freedesktop.machine1
|   org.freedesktop.oom1
|   org.freedesktop.portable1
|   org.freedesktop.resolve1
|   org.freedesktop.systemd1
|   org.freedesktop.timedate1
* Merge pull request #21264 from medhefgo/boot-lto (Zbigniew Jędrzejewski-Szmek, 2021-12-07, 1 file, -1/+3)
|\
| | sd-boot: LTO support
| * sd-boot: Let the compiler invoke the linker for us (Jan Janssen, 2021-11-29, 1 file, -1/+3)
| | For LTO to work, the linker has to be called with some magic sauce arguments. And the easiest way to get those is to just let the compiler do the job for us.
* | meson: add config setting to select between openssl and gcrypt (Zbigniew Jędrzejewski-Szmek, 2021-11-30, 1 file, -0/+2)
|/
| This is not pretty, but it is supposed to be only a temporary measure.
* meson: Default to sbat-distro=auto (Jan Janssen, 2021-11-28, 1 file, -1/+1)
| Any recent shim will refuse starting an image that does not have an sbat section and will do so with a generic "Security Violation" message. And it is very easy to forget passing -Dsbat-distro=auto to meson when creating a fresh build dir.
| Adding sbat info when shim is not used or secure boot is disabled does not hurt anyone, so default to auto. This still ensures to not add auto-detected info in case we are cross building.
* meson: allow extra net naming schemes to be defined during configuration (Zbigniew Jędrzejewski-Szmek, 2021-09-28, 1 file, -0/+2)
| In upstream, we have a linearly-growing list of net-naming-scheme defines; we add a new one for every release where we make user-visible changes to the naming scheme. But the general idea was that downstream distributions could define their own combinations (or even just their own names for existing combinations), so provide stability for their users. So far this required patching of the netif-naming-scheme.c and .h files to add the new lines.
| With this patch, patching is not required:
|
| $ meson configure build \
|     -Dextra-net-naming-schemes=gargoyle=v238+npar_ari+allow_rerenames,gargoyle2=gargoyle+nspawn_long_hash \
|     -Ddefault-net-naming-scheme=gargoyle2
|
| or even
|
| $ meson configure build \
|     -Dextra-net-naming-schemes=gargoyle=v238+npar_ari+allow_rerenames,gargoyle2=gargoyle+nspawn_long_hash,latest=v249 \
|     -Ddefault-net-naming-scheme=gargoyle2
|
| The syntax is a comma-separated list of NAME=name+name+… This syntax is a bit scary, but any typos result in compilation errors, so I think it should be OK in practice.
| With this approach, we don't allow users to define arbitrary combinations: what is allowed is still defined at compilation time, so it's up to the distribution maintainers to provide reasonable combinations. In this regard, the only difference from status quo is that it's much easier to do (and harder to do incorrectly, for example by forgetting to add a name to one of the maps).
* meson: drop the list of valid net naming schemes (Zbigniew Jędrzejewski-Szmek, 2021-09-28, 1 file, -2/+1)
| We used 'combo' type for the scheme list. For a while we forgot to add new names, and recently aa0a23ec86 added v241, v243, v245, and v247. I want to allow defining new values during configuration, which means that we can't use meson to verify the list of options. So any value is allowed, but then two tests are added: one that will fail compilation if some invalid name is given (other than "latest"), and one that converts DEFAULT_NET_NAMING_SCHEME to a NamingScheme pointer.
* Add remaining supported schemes as options for default-net-naming-scheme (dann frazier, 2021-09-27, 1 file, -1/+1)
|
* boot: stop making TPM PCR to measure kernel command line into configurable (Lennart Poettering, 2021-09-23, 1 file, -2/+0)
| Everyone appears to use PCR 8 for this, hence I think it's safe to hardcode that in systemd too. It's also documented, like here:
| https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html
| or here:
| https://github.com/rhboot/shim/blob/main/README.tpm
| (And the previous name was a bit confusing, since we don't actually just measure one thing anymore, but multiple things into multiple PCRs...)
* sd-boot: Draw custom edit cursor (Jan Janssen, 2021-08-17, 1 file, -1/+1)
| Firmware likes to draw the EFI provided cursor in a weird way that makes it invisible sometimes. This is even more likely to happen if unusual colors are picked. It also fails to draw attention to the user by being very small and not blinking.
| Additionally, to make it more clear that we are in edit mode, we now default to inverting the general default color and use that for our line edit.
| Fixes: #19301
* sd-boot: Add compile-time color support (Jan Janssen, 2021-08-17, 1 file, -0/+8)
| Fixes: #10139
* time-set: adjust system clock if rtc is far in future (Egor Ignatov, 2021-08-02, 1 file, -0/+2)
|
* Add support for systemd-tpm2 libcryptsetup plugin. (Ondrej Kozina, 2021-07-26, 1 file, -0/+4)
| Add support for systemd-tpm2 based LUKS2 device activation via libcryptsetup plugin. This makes the feature (tpm2 sealed LUKS2 keyslot passphrase) usable from both systemd utilities and cryptsetup cli.
| The feature is configured via -Dlibcryptsetup-plugins combo with default value set to 'auto'. It gets enabled automatically when cryptsetup 2.4.0 or later is installed in build system.
* rpm: restart user services at the end of the transaction (Zbigniew Jędrzejewski-Szmek, 2021-07-24, 1 file, -0/+2)
| This closes an important gap: so far we would reexecute the system manager and restart system services that were configured to do so, but we wouldn't do the same for user managers or user services.
| The scheme used for user managers is very similar to the system one, except that there can be multiple user managers running, so we query the system manager to get a list of them, and then tell each one to do the equivalent operations: daemon-reload, disable --now, set-property Markers=+needs-restart, reload-or-restart --marked.
| The total time that can be spent on this is bounded: we execute the commands in parallel over user managers and units, and additionally set SYSTEMD_BUS_TIMEOUT to a lower value (15 s by default). User managers should not have too many units running, and they should be able to do all those operations very quickly (<< 1s). The final restart operation may take longer, but it's done asynchronously, so we only wait for the queuing to happen.
| The advantage of doing this synchronously is that we can wait for each step to happen, and for example daemon-reloads can finish before we execute the service restarts, etc. We can also order various steps wrt. to the phases in the rpm transaction.
| When this was initially proposed, we discussed a more relaxed scheme with bus property notifications. Such an approach would be more complex because a bunch of infrastructure would have to be added to system manager to propagate appropriate notifications to the user managers, and then the user managers would have to wait for them. Instead, now there is no new code in the managers, all new functionality is contained in src/rpm/. The ability to call 'systemctl --user user@' makes this approach very easy. Also, it would be very hard to order the user manager steps and the rpm transaction steps.
| Note: 'systemctl --user disable' is only called for user managers that are running. I don't see a nice way around this, and it shouldn't matter too much: we'll just leave a dangling symlink in the case where the user enabled the service manually.
| A follow-up for https://bugzilla.redhat.com/show_bug.cgi?id=1792468 and fa97d2fcf64e0558054bee673f734f523373b146.
* Add meson option to disable urlify. (James Hilliard, 2021-07-19, 1 file, -0/+2)
| Useful for systems that don't use a version of less with hyperlink support.
* core: add combined status unit format (Paweł Marciniak, 2021-06-28, 1 file, -1/+1)
| [zjs: actual implementation is stripped out and will be added in subsequent commits.]
* meson: allow "soft-static" allocations for uids and gids in the initrd (Zbigniew Jędrzejewski-Szmek, 2021-06-17, 1 file, -4/+44)
| The general idea with users and groups created through sysusers is that an appropriate number is picked when the allocation is made. The number that is selected will be different on each system based on the order of creation of users, installed packages, etc. Since system users and groups are not shared between installations, this generally is not an issue. But it becomes a problem for initrd: some file systems are shared between the initrd and the host (/run and /dev are probably the only ones that matter). If the allocations are different in the host and the initrd, and files survive switch-root, they will have wrong ownership.
| This makes the gids build-time-configurable for all groups and users where state may survive the switch from initrd to the host.
| In particular, all "hardware access" groups are like this: files in /dev will be owned by them. Eventually the new udev would change ownership, but there would be a moment where the files were owned by the wrong group. The allocations are "soft-static" in the language of Fedora packaging guidelines: the uid/gid will be used if possible, but we'll fall back to a different one. TTY_GID is the exception, because the number is used directly.
| Similarly, the possibility to configure "soft-static" uids is added for daemons which may usefully run in the initramfs: systemd-network (lease information and interface state is serialized to /run), systemd-resolve (stub files and interface state), systemd-timesync (/run/systemd/timesync).
| Journal files are owned by the group systemd-journal, and acls are granted for wheel and adm.
| systemd-oom and systemd-coredump are excluded from this patch: I assume that oomd is not useful in the initrd, and coredump leaves no state (it only creates a pipe in /run?).
| The defaults are not changed: if nothing is configured, dynamic allocation will be used. I looked at a Debian system, and the numbers are all different than on Fedora.
| For Fedora, see the list of uids and gids at https://pagure.io/setup/blob/master/f/uidgid. In particular, systemd-network and systemd-resolve got soft-static numbers to make it easy to transition from a non-host-specific initrd to a host system already a few years back (https://bugzilla.redhat.com/show_bug.cgi?id=1102002). I also requested static allocations for sgx, input, render in https://pagure.io/packaging-committee/issue/1078, https://pagure.io/setup/pull-request/27.
* test: enable fuzz regression tests by default (Zbigniew Jędrzejewski-Szmek, 2021-05-20, 1 file, -1/+1)
| This ensures that the fuzz test code is also built by default. It also increases the test coverage a bit. Compiling the tests *with* sanitizers is painfully slow, so this is not enabled. But just compiling them sauté is hardly noticeable.
| Running the tests increases the test count and runtime:
| 622 tests, 26 s
| to
| 922 tests, 35 s
| I think this is acceptable.
* boot: add optional EFI SBAT support (Dimitri John Ledkov, 2021-05-07, 1 file, -0/+12)
| Add SBAT support, when -Dsbat-distro value is specified. One can use -Dsbat-distro=auto for autodetection of all sbat options. Many meson configure options added to customize SBAT CSV values, but sensible defaults are auto detected by default. SBAT support is required if shim v15+ is used to load systemd-boot binary or kernel.efi (Type II BootLoaderSpec).
| Fixes #19247
* meson, bpf: add HAVE_LIBBPF, BPF_FRAMEWORK options (Julia Kartseva, 2021-04-27, 1 file, -0/+3)
|   * Add `bpf-framework` feature gate with 'auto', 'true' and 'false' choices
|   * Add libbpf [0] dependency
|   * Search for clang llvm-strip and bpftool binaries in compile time to generate bpf skeleton.
| For libbpf [0], make 0.2.0 [1] the minimum required version.
| If libbpf is satisfied, set HAVE_LIBBPF config option to 1.
| If `bpf-framework` feature gate is set to 'auto', means that whether bpf feature is enabled or not is defined by the presence of all of libbpf, clang, llvm and bpftool in build environment. With 'auto' all dependencies are optional. If the gate is set to `true`, make all of the libbpf, clang and llvm dependencies mandatory. If it's set to `false`, set `BPF_FRAMEWORK` to false and make libbpf dependency optional.
| libbpf dependency is dynamic followed by the common pattern in systemd.
| meson, bpf: add build rule for socket_bind program
* resolved.conf: Add hostnames for default DNS servers (Jan Janssen, 2021-03-31, 1 file, -1/+1)
|