summaryrefslogtreecommitdiffstats
path: root/mkosi.images (unfollow)
Commit message (Collapse)AuthorFilesLines
2024-03-11data-fd-util: Fixup headerAdrian Vovk1-1/+1
inttypes.h doesn't define size_t
2024-03-11polkit: update the rest of bus_verify_polkit_async_full() calls to new flags ↵Luca Boccassi3-9/+9
parameter Looks like the compiler doesn't even notice these were left over as the types end up matching somehow Follow-up for 29556b75d8025580eebe160a1fa1459965912ee2
2024-03-11fd-util: beef up fd_verify_safe_flags() featuresLennart Poettering3-7/+11
Let's make fd_verify_safe_flags() even more useful: 1. let's return the cleaned up flags (i.e. just the access mode) after validation, hiding all the noise, such as O_NOFOLLOW, O_LARGEFILE and similar. 2. let's add a "full" version of the call that allows passing additional flags that are OK to be set.
2024-03-11polkit: turn "interactive" flag to polkit APIs into a proper flags field ↵Lennart Poettering9-27/+34
(#31715) This adds for both the D-Bus and the Varlink flavours of our polkit client api a flags parameter. And then folds the "bool interactive" flag that the D-Bus version so far had, into a flag, and also adds support for it in the Varlink API. Since this means the Varlink API gained another parameter, let's do what we already did for the D-Bus API and add a _full() version of the API that has the flags and the good_uid parameter, and one without both.
2024-03-11basic: add PIDFS magic (#31709)cpackham-atlnz2-0/+6
Kernel commit cb12fd8e0dabb9a1c8aef55a6a41e2c255fcdf4b added pidfs. Update filesystems-gperf.gperf and missing_magic.h accordingly. This fixes the following error building against a bleeding edge kernel. ``` ../src/basic/meson.build:234:8: ERROR: Problem encountered: Unknown filesystems defined in kernel headers: Filesystem found in kernel header but not in filesystems-gperf.gperf: PID_FS_MAGIC ```
2024-03-11po: Translated using Weblate (Russian)Sergey A1-34/+18
Currently translated at 100.0% (233 of 233 strings) Co-authored-by: Sergey A <sw@atrus.ru> Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/ru/ Translation: systemd/main
2024-03-11semaphore: remove workaround for adduserLuca Boccassi1-2/+0
Offending commit has been reverted, so it's no longer necessary: https://salsa.debian.org/ci-team/autopkgtest/-/commit/90167696914889efa782aac3f1f44ab68498c529 Follow-up for 8b7485c505f1e7a55896069224109adaf10c16b9
2024-03-11polkit: trivial simplificationLennart Poettering1-5/+1
2024-03-11gpt-auto: ignore fstab_has_node failureMike Yuan1-2/+2
After 8a1326581d9b066377f8d9f2d58e1bdfd8b645d0, we always check whether there're mounts under /boot/ or /efi/ first. Let's relax the check for fstab_has_node hence, since on initrd-less systems it might produce wrong results.
2024-03-11fstab-util: remove unreachable returnMike Yuan1-2/+0
2024-03-11hwdb: Add touchpad configuration for ThinkPad E495İ. Ensar Gülşen1-1/+2
2024-03-10man: Mention that SMBIOS type 11 strings are ignored inside CVMDaan De Meyer2-2/+4
2024-03-10man: fix systemd-measure manpage conditionalLuca Boccassi2-2/+2
Follow-up for ec3cf73f303cf99ba73c91b734401b3ad2c218e9
2024-03-10man/systemd-hibernate-resume: generator now enables rather than creates the ↵Mike Yuan2-8/+5
service Follow-up for a628d933cc67cc8b183dc809ba1451aa5b2996e5
2024-03-10systemd-boot: Add support for reading extra kernel cmdline from SMBIOSDaan De Meyer4-1/+44
Same as io.systemd.stub.kernel-cmdline-extra, but for type 1 entries booted by systemd-boot.
2024-03-10quotacheck: store argv[*] in static varMike Yuan1-9/+9
As per our coding style
2024-03-10quotacheck: minor modernizationMike Yuan1-4/+11
2024-03-10units: make quota services bind to corresponding mount unitsMike Yuan2-2/+3
Follow-up for a628d933cc67cc8b183dc809ba1451aa5b2996e5 systemd-growfs@.service does the same.
2024-03-10mkosi: fix typoYu Watanabe1-1/+1
Follow-up for 4d0f1451b58dbd4b94da579b800adef4f4e42c34.
2024-03-09units: make templates for quotaon and systemd-quotacheck serviceThomas Blume12-62/+186
2024-03-09semaphore: drop some manual build deps, handled by packageLuca Boccassi1-2/+2
The package now pulls in more dependencies, so can drop some. Also we don't need libarchive-dev and libcurl4-openssl-dev from backports.
2024-03-09semaphore: move back to autopkgtest master branchLuca Boccassi1-1/+3
Instead of fixing the commit, we can workaround the adduser issue by simply creating a user manually beforehand, which means the broken codepath in autopkgtest is not taken. We can remove it once it's fixed upstream, which is in progress: https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/297
2024-03-09core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE callVasiliy Stelmachenok1-1/+1
Without it prctl will always fail, even if using a kernel version that supports the PR_SET_MEMORY_MERGE call.
2024-03-08resolved: also reply NOTIMP when refusing a query based on RR typeRonan Pigott1-1/+5
In some cases we refuse a query based on the RR type, mostly old deprecated types. Let's return NOTIMP in this case, which best communicates why the query failed.
2024-03-08extract-word: increase test-extract-word coverage for unicode inputsChandra Pratap1-0/+24
In the current testing scheme in test-extract-word, we only have two test cases covering unicode strings. Improve upon this by adding more cases for the same. Signed-off-by: Chandra Pratap <chandrapratap3519@gmail.com>
2024-03-08add unittest cases for argv_looks_like_helpAbraham Samuel Adekunle1-0/+5
2024-03-08Added a new test to cover login-util.cUnique-Usman2-0/+23
2024-03-08man/kernel-install: add `add-all` command to synopsisAntonio Alvarez Feijoo1-0/+5
2024-03-08mkosi: Add BuildSourcesEphemeral=yesDaan De Meyer1-0/+1
Required to make sure that any changes packaging specs make to the source files are thrown away after the build so they don't mess with the source tree.
2024-03-08mkosi: fix typoYu Watanabe1-1/+1
Follow-up for 4d0f1451b58dbd4b94da579b800adef4f4e42c34.
2024-03-08resolve: fix typoYu Watanabe1-1/+1
Follow-up for d08566fad7c97df153d38e314670aea3822106e1.
2024-03-08bootctl: additional fixes for local/global UKI PE addonsEmanuele Giuseppe Esposito2-57/+108
Fix various memory leaks and names used in https://github.com/systemd/systemd/pull/28761.
2024-03-08resolved: don't cache NXDOMAIN for SUDN resolver.arpaRonan Pigott4-1/+49
The name resolver.arpa is reserved for RFC9462 "Discovery of Designated Resolvers" (DDR). This relies on regular dns queries for SVCB records at the special use domain name _dns.resolver.arpa. Unfortunately, older nameservers (or broken ones) won't know about this SUDN and will likely return NXDOMAIN. If this is cached, the cache entry will become an impediment for any clients trying to discover designated resolvers through the stub-resolver, or potentially even sd-resolved itself, were it to implement DDR. The RFC recommendation is that "clients MUST NOT perform A or AAAA queries for resolver.arpa", and "resolvers SHOULD respond to queries of any type other than SVCB for _dns.resolver.arpa. with NODATA and queries of any type for any domain name under resolver.arpa with NODATA." which should help avoid potential compatibility issues. This enforces that condition within sd-resolved, and avoids caching any such erroneous NXDOMAIN. The RFC also recommends requests for this domain should never be forwarded, to prevent authentication failures. Since there isn't much point in establishing secure communication to the local stub, we still allow SVCB to be forwarded from the stub, in case the client cares to implement some other authentication method and understands the consequences of skipping the local stub. Normal clients are not expected to implement DDR, but this change will protect sd-resolved's own caches in case they try. Although A and AAAA are prohibited, I think validating resolvers might reasonably query for dnssec records, even though the resolver.arpa zone does not exist (it is declared to be a locally served zone). For this reason, I have also added resolver.arpa to the builtin dnssec NTA.
2024-03-07Add more unit test to cover the uid_range_covers inside the uid-range.c ↵Unique-Usman1-0/+2
file (#31666) * Add more unit test to cover the uid_range_covers inside the uid-range.c file
2024-03-07Added a unit test to cover af_to_name in af-list.cUnique-Usman1-0/+1
2024-03-07logind-dbus: count user-early sessions in verify_shutdown_creds tooMike Yuan1-1/+1
Follow-up for 59afe07c217c73e3c7c19fb06aef2ff7bf609fd2
2024-03-07resolved: refuse queries with no suitable scopeRonan Pigott1-0/+4
In some cases there is no configured server to answer a given question, because all scopes refused the query. In this case we currently return rcode SERVFAIL. In dns it is customary for authoritative nameservers to return REFUSED where the question is outside of their authority. This is better than SERVFAIL because it informs the client that they aren't likely to get an answer out of us anytime soon, and either the configuration, or the query, need to change. Similar logic invites us to use use the rcode REFUSED on the stub if we aren't configured with any suitable scope for this question.
2024-03-07shared/conf-parser: add two more annotationsZbigniew Jędrzejewski-Szmek1-2/+2
2024-03-07bootctl: use the full parser tooZbigniew Jędrzejewski-Szmek1-30/+38
2024-03-07kernel-install: support full set of config files and drop-insZbigniew Jędrzejewski-Szmek3-53/+64
This brings the handling of config for kernel-install in line with most of systemd, i.e. we search the set of paths for the main config file, and the full set of drop-in paths for drop-ins. This mirrors what 07f5e35fe7967c824a87f18a3a1d3c22e5be70f5 did for udev.conf. That change worked out fine, so I hope this one will too. The update in the man page is minimal. I think we should split out a separate page for the config file later on. One motivating use case is to allow a drop-in to be created for temporary config overrides and then removed after the operation is done.
2024-03-07man: document all the new pathsZbigniew Jędrzejewski-Szmek13-14/+49
2024-03-07various: use new config loader instead of config_parse_config_file()Zbigniew Jędrzejewski-Szmek16-103/+97
This means the main config file is loaded also from /run and /usr. We should load the main config file from all the places where we load drop-ins. I realize I had a giant blind spot: I always assumed that we load config files from /etc, /run, /usr/local/lib, /usr/lib. But it turns out that we only used those paths for drop-ins. For the main config file, we only looked in /etc. The docs actually partially described this behaviour, i.e. most SYNOPSIS sections and some parts of the text, but not others. This is strange, because 6495361c7d5e8bf640841d1292ef6cfe1ea244cf was completely bogus with the behaviour before this patch. We had a huge discussion before it was merged, and clearly nobody noticed this. Similarly, in the previous version of the current pull request, we had a long discussion about the appropriate order of directories, and apparently nobody noticed that there was no order, because only looked in one directory. So the blind spot seems to have been shared. Also, systemd-analyze cat-config behaved incorrectly, i.e. its behaviour matches the new behaviour. Possibly, in the future it'll make it easier to add support for --root.
2024-03-07shared/conf-parser: add function which implements the standard config file setZbigniew Jędrzejewski-Szmek3-1/+155
Also allow config_parse_many() to be called for config files without sections. The test uses such a file.
2024-03-07shared/conf-parser: use chase() in config_parse_many_files()Zbigniew Jędrzejewski-Szmek2-21/+18
The function was partially implementing chroot lookups. It would be given file names that were prefixed with the chroot, so it would mostly work. But if any of those files were symlinks, fopen() would do the wrong thing. Also we don't need locking. So give 'root' as the argument and use chase_and_fopen_unlocked() to get proper chroot-aware lookups. The only place where config_parse_many() is called with root is is repart.c. So this is a follow-up for e594a3b154bd06c535a934a1cc7231b1ef76df73 and 34f2fd5096cdb26ef57998740b1b876332d968fc.
2024-03-07strv: add helper to extend strv from both sidesZbigniew Jędrzejewski-Szmek7-10/+29
Also, use the more correct type of 'const char* const*' for the input strv. This requires adding the cast in a few places, but also allows to remove some casts in others.
2024-03-07udevd: inline iterator variableZbigniew Jędrzejewski-Szmek1-3/+2
2024-03-07udev,backlight,kernel-install: reword sentences starting with "Skipping to"Zbigniew Jędrzejewski-Szmek4-7/+7
That's not gramatically correct. In backlight, change "assocation" to "deduplication". Without the context, it's probably not clear at all that we "associate" them to ignore them.
2024-03-07shared/pretty-print: rename output parametersZbigniew Jędrzejewski-Szmek1-4/+4
2024-03-07shared/conf-parser: collapse pkgdir and conf_file args into oneZbigniew Jędrzejewski-Szmek16-36/+24
This essentially reverts 5656cdfeeabc16b5489f5ec7a0a36025a2ec1f23. I find it much easier to understand what is going on when the path-relative-to-the-search-path is passed in full, instead of being constructed from two parts, with one of the parts being implicit in some places. Also, we call 'systemd-analyze cat-config <path>' with <path> with the same meaning, so this makes the internal and external APIs more consistent.
2024-03-07constants: drop duplicated CONF_PATHS definesZbigniew Jędrzejewski-Szmek5-26/+9
Follow-up for b0d3095fd6cc1791a38f57a1982116b4475244ba.