| Commit message (Collapse) | Author | Files | Lines |
|---|
|
These will be used by display managers to pre-select the user's
preferred desktop environment and display server type. On homed, the
display manager will also be able to set these fields to cache the
user's last selection.
|
|
We have these pretty macros, let's use them everywhere (so far we mostly
used them for newer additions only).
This PR is mostly an excercise in "perl -p -i -e", but there are some
special cases:
* idn-util.c exposes a function whose prototype in the official library
headers is marked with the "const" attribute, and this apparently does
not propagate along typeof() correctly and then
__builtin_types_compatible_p() fails later because it detects that
prototype and original function don't match in prototype.
* libbpf removed some symbols in newer versions, hence we need to define
some prototypes manually to still be able to build.
* libcryptsetup marked a symbol as deprecated we want to use (knowing it
is deprecated). By using the macros this is detected by the compiler.
We work around it via the usual warning off macros.
Note by using these macros we assume that all symbols are known during
build time. Which might not be the case. We might need to revert this
commit for some symbols if this trips up builds on older distros.
|
|
Generic EFI zboot added since kernel 6.1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/firmware/efi/libstub/Makefile.zboot?h=v6.1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/firmware/efi/libstub/zboot-header.S?h=v6.1
|
|
Bumps [meson](https://github.com/mesonbuild/meson) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.3.1...1.3.2)
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/012739e5082ff0c22ca6d6ab32e07c36df03c4a4...8a470fddafa5cbb6266ee11b37ef4d8aae19c571)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.0.2 to 5.1.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/91e2582e40236f831458392d905578d680baa138...b9df2a9417f69c056e0aeaf870abd9a2065a403e)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
Addresses https://github.com/systemd/systemd/pull/31492#discussion_r1507481748.
|
|
|
|
These are not used anymore.
|
|
Now LLDP neighbors are exposed through varlink. Hence, it is not
necessary to save to a file.
|
|
`networkctl lldp` and `networkctl status INTERFACE` now use varlink
call to the networkd to query LLDP neighbors.
Then, this allows to dump LLDP neighbors in JSON format.
Co-authored-by: Tomáš Pecka <tomas.pecka@cesnet.cz>
|
|
Then optionally return the varlink connection to the caller.
|
|
The method provides the list of LLDP neighbors.
Co-authored-by: Tomáš Pecka <tomas.pecka@cesnet.cz>
|
|
Add functions serializing LLDP neighbors to JSON (JsonVariant).
The entry contains a chassis id, system name and port id of the remote
neighbor. Also it possibly contains an integer coding the enabled system
capabilities and port description.
|
|
Partially reverts commit b0d3095fd6cc1791a38f57a1982116b4475244ba.
While it is generally worthwhile for systemd to drop split-usr support,
these options are NOT about split-usr support. The universal location of
POSIX sh is always /bin/sh. Bash is pretty reasonably standardized there
too.
This happens irrespective of /bin being a symlink to /usr/bin.
Ramifications of this change include things like:
- portably running shell scripts that might run very nearly anywhere
- /etc/shells support
For standardization and compatibility reasons, these commands with these
paths need to be consistently found on any system, and thus distros make
sure this works, although even on split-usr systems /usr/bin/bash may be
a symlink to /bin/bash.
Embedding the *access path* of bash as /usr/bin/bash in systemd, for
example in libnss_systemd.so, means that login shells must agree with
systemd on how they invoke the shell. End result: users fail to login
because of access violations.
This cannot be fixed by "fixing PAM" because PAM does not follow
symlinks by design: one example is that it needs to treat rbash as
different from bash.
Fixes: https://bugs.gentoo.org/919749
Signed-off-by: Eli Schwartz <eschwartz93@gmail.com>
|
|
Tighten our VM check: whether we run in a VM is not enough to do
AF_VSOCK. We also need to check if we are run in a container, because if
we run in a container inside a VM then we should *not* do the AF_VSOCK
stuff, but leave the port free for the VM itself.
As discussed here:
https://github.com/systemd/systemd/pull/31544#issuecomment-1971455401
|
|
This makes it easier for people packaging kernel-install plugins
to get the path right.
E.g. https://src.fedoraproject.org/rpms/python-virt-firmware/pull-request/3
fixes an issue where %{_libdir}/kernel/install.d was used,
which gives incorrect results on 64-bit architectures.
%_kernel_install_dir will make this even easier.
|
|
Search on sourcegraph.com doesn't yield any users. And each
use would emit a warning, so I think it's safe to assume that
it has no users.
|
|
Apparently this case exists, let's handle it gracefully.
Prompted by: https://github.com/systemd/systemd/pull/31544#issuecomment-1971241397
|
|
Revert the rename from "options" to "finalCmdline" in 122650b4a0
while the bigger https://github.com/systemd/systemd/pull/31339 is still
under review.
|
|
sshd.service on Debian uses RuntimeDirectory=sshd, without which sshd
complains:
[ 4065.834904] sshd[711]: Missing privilege separation directory: /run/sshd
[ 4065.835785] systemd[1]: mysshserver@0-127.0.0.1:4711-127.0.0.1:58232.service: Deactivated successfully.
[ 4065.836433] testsuite-46.sh[708]: kex_exchange_identification: read: Connection reset by peer
[ 4065.836433] testsuite-46.sh[708]: Connection reset by 127.0.0.1 port 4711
Resolves: #31518
|
|
Addresses: https://github.com/systemd/systemd/issues/31518#issuecomment-1968295678
|
|
This should make the test faster, especially on machines without
acceleration.
|
|
|
|
It appears the build-api effort at
https://github.com/cgwalters/build-api hasn't really caught on.
systemd appears one of the very few projects actually supporting it.
It does confuse certain tools though. E.g. debhelper by finding a
configure script wrongly assumes this is an autoconf project and thus
needs to be told explicitly that this is in fact a Meson project [1].
Given that Meson is an established build system by now, it appears ok to
drop this compat layer, which will never be fully complete anyway.
[1] https://salsa.debian.org/systemd-team/systemd/-/blob/debian/master/debian/rules?ref_type=heads#L281
|
|
- avoid stripping debug symbols and creating dbgsym packages
- avoid LTO, slows down build a lot
- avoid compressing packages, they are thrown out immediately after use
- avoid building udeb packages, not needed
|
|
PRs #31531 and #31524 were merged in quick succession. They are fine
both on their own. But in combination they break the build. Fix it.
|
|
|
|
|
|
|
|
|
|
checking
let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, know we have a knob to turn this off in
certain scenarios.
|
|
As in the previous commit, let's not change the order of the words
compared to the underlying glibc API.
|
|
The glibc API is behind the wrapper is called "secure_getenv()", hence
our wrapper really should keep the order too, otherwise things are just
too confusing.
|
|
|
|
Most of our kernel cmdline options use underscores as word separators in
kernel cmdline options, but there were some exceptions. Let's fix those,
and also use underscores.
Since our /proc/cmdline parsers don't distinguish between the two
characters anyway this should not break anything, but makes sure our own
codebase (and in particular docs and log messages) are internally
consistent.
|
|
varlink_dispatch() returns > 0 if it already replied to the method call,
hence this is reason to return from the handler function, and not
proceed.
|
|
|
|
|
|
Specify the delay, in milliseconds, between each peer
notification (gratuitous ARP and unsolicited IPv6
Neighbor Advertisement) when they are issued after
a failover event. This delay should be a multiple of
the MII link monitor interval (miimon).
The valid range is 0 - 300s. The default value is 0,
which means to match the value of the MII link monitor interval.
|
|
|
|
Previously if a PTYForward instance had the window title set but no
background color set then it would crash in an assertion as
pty_forward_ansi_process didn't require both to be present.
systemd-vmspawn could get into this state if it failed to get the
terminal tint color.
Now any method that would have called background_color_sequence now
becomes just a NOP if the background color is not set.
This allows keeping the functionality to set window titles even if the
terminal doesn't support the background coloring.
|
|
Currently scan_background_color_response only accepts BEL (\x07) to end
a response, however some terminals (namely kitty in my case) will reply
with the string terminator (ST - https://en.wikipedia.org/wiki/ANSI_escape_code).
This commit changes the behaviour to now accept either ending.
|
|
Currently the return value 0 is not checked for, this indicates a
timeout and should be handled to prevent doing a blocking read on a file
descriptor with no data ready.
|
|
This effectively reverts 9175002864d8876f375e0df089d142d239282528.
The retrans time field in RA message is for neighbor solicitation,
and the commit d4c8de21a07d015f2f2c787e0735be5e4d02fb3c makes the value
assigned to the correct sysctl property.
Let's deprecate the option, and drop the redundant functions.
|
|
|
