summaryrefslogtreecommitdiffstats
path: root/meson_options.txt (follow)
Commit message (Collapse)AuthorAgeFilesLines
* test: Add mkosi-based integration test runnerRichard Maw2024-04-181-0/+2
| | | | | The first two tests are included to ensure parallel test execution is demonstrable.
* mountfsd: add new systemd-mountfsd componentLennart Poettering2024-04-061-0/+5
|
* nsresourced: add new daemon for granting clients user namespaces and ↵Lennart Poettering2024-04-061-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | assigning resources to them This adds a small, socket-activated Varlink daemon that can delegate UID ranges for user namespaces to clients asking for it. The primary call is AllocateUserRange() where the user passes in an uninitialized userns fd, which is then set up. There are other calls that allow assigning a mount fd to a userns allocated that way, to set up permissions for a cgroup subtree, and to allocate a veth for such a user namespace. Since the UID assignments are supposed to be transitive, i.e. not permanent, care is taken to ensure that users cannot create inodes owned by these UIDs, so that persistancy cannot be acquired. This is implemented via a BPF-LSM module that ensures that any member of a userns allocated that way cannot create files unless the mount it operates on is owned by the userns itself, or is explicitly allowelisted. BPF LSM program with contributions from Alexei Starovoitov.
* build-sys: pick up vmlinux.h from running kernel BTF or userLennart Poettering2024-04-061-2/+6
|
* ssh-generator: create privsep dir via tmpfiles.d/ if we are told toLennart Poettering2024-04-031-0/+2
| | | | | | | | | | | | | | | | | | To make it easy to have a workable ssh-generator on various distros, let's optionally generate the ssh privsep dir via tmpfiles.d/ drop-in. This enables the concept with a path of /run/sshd/ as default. This is the path Debian/Ubuntu uses, and means that we just work on those distros. Debian/Ubuntu is the only distro (apparently?) that puts the privsep dir under /run/, hence always needs the dir to be created manually. Other distros don't need it that much, because they place the dir in /usr/ (fedora, best choice!) or /var/ (others, not ideal, because still mutable). Also adds a longer explanation about this in NEWS, in the hope that distro maintaines read that and maybe start cleaning this up. Alternative to: #31543
* fix the value of default shells to use /bin and not /usr/binEli Schwartz2024-02-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Partially reverts commit b0d3095fd6cc1791a38f57a1982116b4475244ba. While it is generally worthwhile for systemd to drop split-usr support, these options are NOT about split-usr support. The universal location of POSIX sh is always /bin/sh. Bash is pretty reasonably standardized there too. This happens irrespective of /bin being a symlink to /usr/bin. Ramifications of this change include things like: - portably running shell scripts that might run very nearly anywhere - /etc/shells support For standardization and compatibility reasons, these commands with these paths need to be consistently found on any system, and thus distros make sure this works, although even on split-usr systems /usr/bin/bash may be a symlink to /bin/bash. Embedding the *access path* of bash as /usr/bin/bash in systemd, for example in libnss_systemd.so, means that login shells must agree with systemd on how they invoke the shell. End result: users fail to login because of access violations. This cannot be fixed by "fixing PAM" because PAM does not follow symlinks by design: one example is that it needs to treat rbash as different from bash. Fixes: https://bugs.gentoo.org/919749 Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
* tree-wide: use "_" rather than "-" as separator in kernel cmdline optionsLennart Poettering2024-02-281-2/+2
| | | | | | | | | | | Most of our kernel cmdline options use underscores as word separators in kernel cmdline options, but there were some exceptions. Let's fix those, and also use underscores. Since our /proc/cmdline parsers don't distinguish between the two characters anyway this should not break anything, but makes sure our own codebase (and in particular docs and log messages) are internally consistent.
* meson: drop default-hierarchy= option, always use unifiedMike Yuan2024-02-271-2/+2
|
* meson: Decouple the version tag from the vcs tagDaan De Meyer2024-02-211-1/+3
| | | | | | | | | | | Let's split off a new vcs-tag option from version-tag that configures whether the current commit should be appended to the version tag. Doing this saves us from having to fiddle around with generating git versions in packaging specs and instead let's meson do it for us, even if we pass in a custom version tag. With this approach there's no more need for tools/meson-vcs-tag.sh so we remove it.
* systemctl: drop chain invocation of telinitMichael Biebl2024-02-151-2/+0
| | | | | | | | | This functionality relied on telinit being available in a different path then the compat symlink shipped by systemd itself. This is no longer the case for any known distro, so remove that code. Fixes: #31220 Replaces: #31249
* dissect: add --make-archive option to convert DDI to tarballLennart Poettering2024-01-251-0/+2
|
* ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK ↵Lennart Poettering2024-01-111-0/+2
| | | | | | | | | | | | | | | | | | | | sockets This adds a tiny binary that is hooked into SSH client config via ProxyCommand and which simply connects to an AF_UNIX or AF_VSOCK socket of choice. The syntax is as simple as this: ssh unix/some/path # (this connects to AF_UNIX socket /some/path) or: ssh vsock/4711 I used "/" as separator of the protocol ID and the value since ":" is already taken by SSH itself when doing sftp. And "@" is already taken for separating the user name.
* userdbctl: enable ssh-authorized-keys logic by defaultLennart Poettering2023-12-061-0/+2
| | | | | | | | | | | | sshd now supports config file drop-ins, hence let's install one to hook up "userdb ssh-authorized-keys", so that things just work. We put the drop-in relatively early, so that other drop-ins generally will override this. Ideally sshd would support such drop-ins in /usr/ rather than /etc/, but let's take what we can get. It's not that sshd's upstream was particularly open to weird ideas from Linux people.
* meson: disable -Ddefault-network by defaultYu Watanabe2023-11-081-1/+1
| | | | | | Follow-up for 9b7a624267fddc5c20bd15480e7a393d7a3b270e. This may break existing setups. Let's disable it by default.
* meson: enable vmspawn by default in developer modeZbigniew Jędrzejewski-Szmek2023-11-071-1/+1
| | | | | This should also implicitly enabled vmspawn in CI. It wasn't passing even the basic tests, which we didn't see, because it needs to be explicitly enabled.
* Merge pull request #29508 from CodethinkLabs/systemd-vmspawn-prLuca Boccassi2023-11-031-0/+2
|\ | | | | systemd-vmspawn implementation that only supports disk images
| * vmspawn: added initial code for vmspawnSam Leonard2023-11-021-0/+2
| | | | | | | | | | vmspawn-settings.c is currently empty but this will be used in future to house code for parsing settings from a file
* | network: add meson option to rename .example files on installYu Watanabe2023-11-031-0/+2
| | | | | | | | | | | | | | | | Also this renames 80-ethernet.network.example -> 89-ethernet.network.example, to make it have lower precedence over other default .network files for Ethernet interfaces. Closes #29765.
* | storagetm: add new systemd-storagetm componentLennart Poettering2023-11-021-0/+2
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements a "storage target mode", similar to what MacOS provides since a long time as "Target Disk Mode": https://en.wikipedia.org/wiki/Target_Disk_Mode This implementation is relatively simple: 1. a new generic target "storage-target-mode.target" is added, which when booted into defines the target mode. 2. a small tool and service "systemd-storagetm.service" is added which exposes a specific device or all devices as NVMe-TCP devices over the network. NVMe-TCP appears to be hot shit right now how to expose block devices over the network. And it's really simple to set up via configs, hence our code is relatively short and neat. The idea is that systemd-storagetm.target can be extended sooner or later, for example to expose block devices also as USB mass storage devices and similar, in case the system has "dual mode" USB controller that can also work as device, not just as host. (And people could also plug in sharing as NBD, iSCSI, whatever they want.) How to use this? Boot into your system with a kernel cmdline of "rd.systemd.unit=storage-target-mode.target ip=link-local", and you'll see on screen the precise "nvme connect" command line to make the relevant block devices available locally on some other machine. This all requires that the target mode stuff is included in the initrd of course. And the system will the stay in the initrd forever. Why bother? Primarily three use-cases: 1. Debug a broken system: with very few dependencies during boot get access to the raw block device of a broken machine. 2. Migrate from system to another system, by dd'ing the old to the new directly. 3. Installing an OS remotely on some device (for example via Thunderbolt networking) (And there might be more, for example the ability to boot from a laptop's disk on another system) Limitations: 1. There's no authentication/encryption. Hence: use this on local links only. 2. NVMe target mode on Linux supports r/w operation only. Ideally, we'd have a read-only mode, for security reasons, and default to it. Future love: 1. We should have another mode, where we simply expose the homed LUKS home dirs like that. 2. Some lightweight hookup with plymouth, to display a (shortened) version of the info we write to the console. To test all this, just run: mkosi --kernel-command-line-extra="rd.systemd.unit=storage-target-mode.target" qemu
* meson: add build option for install path of main config filesFranck Bui2023-10-171-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows distros to install configuration file templates in /usr/lib/systemd for example. Currently we install "empty" config files in /etc/systemd/. They serve two purposes: - The file contains commented-out values that show the default settings. - It is easier to edit the right file if it is already there, the user doesn't have to type in the path correctly, and the basic file structure is already in place so it's easier to edit. Things that have happened since this approach was put in place: - We started supporting drop-ins for config files, and drop-ins are the recommended way to create local configuration overrides. - We have systemd-analyze cat-config which takes care of iterating over all possible locations (/etc, /run, /usr, /usr/local) and figuring out the right file. - Because of the first two points, systemd-analyze cat-config is much better, because it takes care of finding all the drop-ins and figuring out the precedence. Looking at files manually is still possible of course, but not very convenient. The disadvantages of the current approach with "empty" files in /etc: - We clutter up /etc so it's harder to see what the local configuration actually is. - If a user edits the file, package updates will not override the file (e.g. systemd.rpm uses %config(noreplace). This means that the "documented defaults" will become stale over time, if the user ever edits the main config file. Thus, I think that it's reasonable to: - Install the main config file to /usr/lib so that it serves as reference for syntax and option names and default values and is properly updated on package upgrades. - Recommend to users to always use drop-ins for configuration and systemd-analyze cat-config to view the documentation. This setting makes this change opt-in. Fixes #18420. [zjs: add more text to the description]
* meson: Drop skip-deps optionJan Janssen2023-08-231-3/+0
| | | | | | | | | | Now that we use meson feature options for our dependencies, we can just rely on '--auto-features=disabled' to do the same. One benefit of this is that specific features can still be force-enabled by overriding it with the appropriate '-Dfeature=enabled' flag. The two remaining uses for skip-deps can simply rely on their default logic that sets the value to 'no' when the dependency is disabled.
* meson: Convert more options to meson featuresJan Janssen2023-08-231-14/+14
| | | | | The semantics for libidn2 and pwquality have changed slightly: We will pick a preferred one if both are enabled instead of making it an error.
* meson: Convert bpf-framework to meson featureJan Janssen2023-08-231-1/+1
|
* meson: Convert options to meson features (require)Jan Janssen2023-08-231-7/+7
| | | | | These options use requre() to conveniently express their dependency requirements.
* meson: Convert dbus to meson featureJan Janssen2023-08-231-1/+1
| | | | | | Also, there is no need to conditionalize the get_variable() calls because not-found dependencies will just return the passed default value if provided.
* meson: Convert options to meson features (find_library fallback)Jan Janssen2023-08-231-4/+4
| | | | | | This uses a two-step approach to make sure we can fall back to find_library(), while also skipping the detection if the features are explicitly disabled.
* meson: Convert fidsk to meson featureJan Janssen2023-08-231-1/+1
| | | | | | By making this a disabler dependency, we can slightly simplify the code and it als fixes the build for -Dfdisk=disabled as we failed to create a fallback empty libshared_fdisk variable.
* meson: Use feature optionsJan Janssen2023-08-231-24/+24
| | | | | | | | | | | | | | | By using meson features we can replace the handcrafted dependency auto-detection by just passing the value from get_option directly to the required arg for dependency, find_library etc. 'auto' features make the dependency optional, 'enabled' requires it while 'disabled' features will skip detection entirely. Any skipped or not found dependency will just be a no-op when passed to build steps and therefore we can also skip the creation of empty vars. The use of skip_deps for these is dropped here as meson provides a way to disable all optional features in one go by passing '-Dauto_features=disabled'.
* Drop split-usr and unmerged-usr supportLuca Boccassi2023-07-281-8/+8
| | | | | | | | | | As previously announced, execute order 66: https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html The meson options split-usr, rootlibdir and rootprefix become no-ops that print a warning if they are set to anything other than the default values. We can remove them in a future release.
* shared: add libpasswdqc supportEgor Ignatov2023-07-061-0/+2
| | | | | Co-authored-by: Dmitry V. Levin <ldv@altlinux.org> Resolves: #15055
* bpf: stabilize GCC BPF supportJames Hilliard2023-05-301-1/+1
| | | | | Now that we have a GCC release which should support our bpf programs lets set the minimum version and stabilize it.
* meson: fix description for link-udev-shared optionYu Watanabe2023-05-161-1/+1
|
* portable, meson: allow statically linked buildRobert Scheck2023-05-151-0/+2
| | | | | | | | | | Build option "link-portabled-shared" to build a statically linked systemd-portabled by using -Dlink-portabled-shared=false on systems with full systemd stack except systemd-portabled, such as CentOS/RHEL 9.
* tree-wide: Drop gnu-efiJan Janssen2023-03-101-13/+3
| | | | | | | This drops all mentions of gnu-efi and its manual build machinery. A future commit will bring bootloader builds back. A new bootloader meson option is now used to control whether to build sd-boot and its userspace tooling.
* meson: merge our two valgrind configuration conditions into oneZbigniew Jędrzejewski-Szmek2023-02-221-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | Most of the support for valgrind was under HAVE_VALGRIND_VALGRIND_H, i.e. we would enable if the valgrind headers were found. The operations then we be conditionalized on RUNNING_UNDER_VALGRIND. But in a few places we had code which was conditionalized on VALGRIND, i.e. the config option. I noticed because I compiled with -Dvalgrind=true on a machine that didn't have valgrind.h, and the build failed because RUNNING_UNDER_VALGRIND was not defined. My first idea was to add a check that the header is present if the option is set, but it seems better to just remove the option. The code to support valgrind is trivial, and if we're !RUNNING_UNDER_VALGRIND, it has negligible cost. And the case of running under valgrind is always some special testing/debugging mode, so we should just do those extra steps to make valgrind output cleaner. Removing the option makes things simpler and we don't have to think if something should be covered by the one or the other configuration bit. I had a vague recollection that in some places we used -Dvalgrind=true not for valgrind support, but to enable additional cleanup under other sanitizers. But that code would fail to build without the valgrind headers anyway, so I'm not sure if that was still used. If there are uses like that, we can extend the condition for cleanup_pools().
* vconsole: allow setting default keymap through build optionMike Yuan2023-02-151-0/+2
| | | | | | | Allow defining the default keymap to be used by vconsole-setup through a build option. A template vconsole.conf also gets populated by tmpfiles if it doesn't exist.
* core: split system/user job timeouts and make them configurableZbigniew Jędrzejewski-Szmek2023-02-011-2/+6
| | | | | | | | | | | | | | | | Config options are -Ddefault-timeout-sec= and -Ddefault-user-timeout-sec=. Existing -Dupdate-helper-user-timeout= is renamed to -Dupdate-helper-user-timeout-sec= for consistency. All three options take an integer value in seconds. The renaming and type-change of the option is a small compat break, but it's just at compile time and result in a clear error message. I also doubt that anyone was actually using the option. This commit separates the user manager timeouts, but keeps them unchanged at 90 s. The timeout for the user manager is set to 4/3*user-timeout, which means that it is still 120 s. Fedora wants to experiment with lower timeouts, but doing this via a patch would be annoying and more work than necessary. Let's make this easy to configure.
* boot: Remove option TPM PCR compat optionJan Janssen2023-01-091-2/+0
| | | | It says remove in 2023; happy to oblige.
* meson,ukify: hook up ukify, add --version optionZbigniew Jędrzejewski-Szmek2022-12-071-0/+2
| | | | | | | | | | | | | | | | | | | The option is added because we have a similar one for kernel-install. This program requires python, and some people might want to skip it because of this. The tool is installed in /usr/lib/systemd for now, since the interface might change. A template file is used, but there is no .in suffix. The problem is that we'll later want to import the file as a module for tests, but recent Python versions make it annoyingly hard to import a module from a file without a .py suffix. imp.load_sources() works, but it is deprecated and throws warnings. importlib.machinery.SourceFileLoader().load_module() works, but is also deprecated. And the documented replacements are a maze of twisted little callbacks that result in an empty module. So let's take the easy way out, and skip the suffix which makes it easy to import the template as a module after adding the directory to sys.path.
* shutdown: Add Xen kexec supportSamuel Thibault2022-11-021-0/+2
| | | | | | In the Xen case, it's the hypervisor which manages kexec. We thus have to ask it whether a kernel is loaded, instead of relying on /sys/kernel/kexec_loaded.
* core: allow disabling system time correction if rtc returns time far in the ↵Franck Bui2022-08-241-1/+1
| | | | | | | | | | | | | future There might be (embedded) systems that get never updated (things like e.g. entertainment systems of trains, for example) and where the adjustment of the system clock (introduced by b10abe4bba61aebe4c667c412741193f11886298) would do the wrong thing even if the difference between the systemd build time and the rtc is 15 years or more. This patch allows disabling the adjustment by setting 'clock-valid-range-usec-max' meson option to 0 or to a negative value.
* meson: fix type for many build optionsEli Schwartz2022-07-301-14/+14
| | | | | | | Integers and booleans are supposed to be actual integers and booleans, not strings describing their value, but Meson silently accepted either one. It's still wrong to do it though, and other implementations of Meson such as muon choke on it.
* meson: use 0 for default uids, gids, and time epochYu Watanabe2022-07-301-25/+25
| | | | | | | | 0 UID and GID are special, and should not be acceptable for the settings. Hence, we can handle 0 as unset. Strictly speaking, time epoch with 0 is valid, but I guess no one use 0 as a valid value.
* journalctl: allow statically linked buildJames Hilliard2022-07-291-0/+2
| | | | | | | | The journalctl tool may be needed on cross compilation hosts in order to run --update-catalog against a target rootfs. To avoid reliability issues caused by shared linking allow journalctl to be linked statically.
* smack: Add DefaultSmackProcessLabel to user.conf and system.confŁukasz Stelmach2022-07-121-0/+2
| | | | | | | | | | | DefaultSmackProcessLabel tells systemd what label to assign to its child process in case SmackProcessLabel is not set in the service file. By default, when DefaultSmackProcessLabel is not set child processes inherit label from systemd. If DefaultSmackProcessLabel is set to "/" (which is an invalid character for a SMACK label) the DEFAULT_SMACK_PROCESS_LABEL set during compilation is ignored and systemd act as if the option was unset.
* Merge pull request #15205 from jlebon/pr/preset-all-firstbootZbigniew Jędrzejewski-Szmek2022-07-061-0/+2
|\ | | | | manager: optionally, do a full preset on first boot
| * manager: optionally, do a full preset on first bootJonathan Lebon2022-05-041-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A compile time option is added to select behaviour: by default UNIT_FILE_PRESET_ENABLE_ONLY is still used, but the intent is to change to UNIT_FILE_PRESET_FULL at some point in the future. Distros that want to opt-in can use the config option to change the behaviour. (The option is just a boolean: it would be possible to make it multi-valued, and allow full, enable-only, disable-only, none. But so far nobody has asked for this, and it's better not to complicate things needlessly.) With the configuration option flipped, instead of only doing enablements, perform a full preset on first boot. The reason is that although `/etc/machine-id` might be missing, there may be other files provisioned in `/etc` (in fact, this use case is mentioned in `log_execution_mode`). Some of those possible files include enablement symlinks even if presets dictate it should be disabled. Such a seemingly contradictory situation occurs in {RHEL,Fedora} CoreOS, where we ship `/etc` as if `preset-all` were called. However, we want to allow users to disable default-enabled services via Ignition, which does this by creating preset dropins before switchroot. (For why we do `preset-all` at compose time, see: https://github.com/coreos/fedora-coreos-config/pull/77). For example, the composed FCOS image has a `enable zincati.service` preset and an enablement for that in `/etc`, while at boot time when we switch root, there may be a `disable zincati.service` preset with higher precedence. In that case, we want systemd to disable the service. This is essentially a revert of 304b3079a203. It seems like systemd *used* to do this, but it was changed to try to make the container workflow a bit faster. Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/392 Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* | Merge pull request #23683 from keszybz/status-formatZbigniew Jędrzejewski-Szmek2022-06-101-1/+1
|\ \ | | | | | | Default to default-status-unit-format=name in developer mode
| * | meson: use status-unit-format-default=name in developer modeZbigniew Jędrzejewski-Szmek2022-06-101-1/+1
| | | | | | | | | | | | | | | | | | I think developers are particularly unlikely to find the descriptions useful, and would benefit from being able to copy&paste unit names. Let's make this choice automatically.
* | | meson: add experimental bpf-gcc compiler supportJames Hilliard2022-06-101-0/+2
|/ / | | | | | | | | Not fully working but should make it easier to clean up remaining issues.