| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Closes #29717.
Replaces #29760.
Co-authored-by: cunshunxia <cunshunxia@tencent.com>
|
| |
|
|
|
|
|
| |
This also makes write_env_file() and write_env_file_label() optionally
take dir_fd, and drop write_env_file_at().
Preparation for later commits.
|
| |
|
|
| |
No functional change intended.
|
| |
|
|
|
|
| |
All other command line parsers takes flags. Let's make
proc_cmdline_get_bool() also take flags. Though, currently,
no flag is set by the caller.
|
| | |
|
| |
|
|
|
|
| |
We have this very similar code in various places, and it#s not entirely
obvious (since we want a prolonged timeout for the reload), hence unify
this at one place.
|
| |
|
|
|
|
| |
pwquality and passwdqc
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
|
| |
|
|
|
|
| |
This would allow to use quality_check_password() in
user_record_quality_check_password() which still uses
sym_pwquality_check() directly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
quality_check_password() used to return the same value 0 in two
different cases: when pwq_allocate_context() failed with a
ERRNO_IS_NOT_SUPPORTED() code, and when pwquality_check() rejected the
password. As result, users of quality_check_password() used to report
password weakness also in case when the underlying library was not
available.
Fix this by changing quality_check_password() to forward the
ERRNO_IS_NOT_SUPPORTED() code to its callers, and change the callers
to handle this case gracefully.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Requested in https://github.com/systemd/systemd/pull/27755#pullrequestreview-1443489520.
I dropped the info message about the job being requested, because we get
fairly verbose logs from starting the unit, and the additional message isn't
useful.
In the unit, the ordering before systemd-vconsole-setup.service is dropped,
because now it needs to happen in parallel, while systemd-firstboot.service
is running. This means that we may potentially execute vconsole-setup twice,
but it's fairly quick, so this doesn't matter much.
|
| |
|
|
|
|
| |
Requested in https://github.com/systemd/systemd/pull/27750#issuecomment-1559258861.
I didn't apply the locale configuration in firstboot itself, because
we don't have any localized messages, so that wouldn't change anything.
|
| |
|
|
| |
Fixes #13466.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We would create root account from sysusers or from firstboot, depending on
which one ran earlier. Since firstboot offers more options, in particular can
set the root password, we needed to order it earlier. This created an ugly
ordering requirement:
systemd-sysusers.service > systemd-firstboot.service > ... >
systemd-remount-fs.service > systemd-tmpfiles-setup-dev.service >
systemd-sysusers.service
We want sysusers.service to create basic users, so we can create nodes in dev,
so we can operate on block devices and such, so that we can resize and remount
things. But at the same time, systemd-firstboot.service can only work if it is
run early, before systemd-sysusers.service has created /etc/passwd. We can't
have it both ways: the units that want to have a fully writable root file
system cannot be ordered before units which are required to do file system
preparation.
Instead of trying to order firstboot very early, let's let it do its thing even
if it is started later. Instead of refusing to create to the root account if
/etc/passwd and /etc/shadow exist, actually check if the account is configured.
Now sysusers writes root account with password PASSWORD_UNPROVISIONED
("!unprovisioned"), and then firstboot checks for this, and will configure root
in this case.
This allows sysusers to be executed earlier (or accounts to be set up earlier
in another way).
This effectively reverts b825ab1a99b69956057c79838faaf7b44afee474.
|
| |
|
|
|
|
|
|
|
|
|
| |
Let's flat out refuse to configure machine-id on a running system with
systemd-firstboot. It wouldn't work anyway, because by the time firstboot is
started, pid1 has created /etc/machine-id, possibly with "unitialized", so
firstboot wouldn't touch the file. (If --force is specified, it works. So
let's allow that in case people want to do crazy things.)
While at it, add missing descriptions of various things that were added over
time, and group descriptions of similar options together.
|
| |
|
|
|
|
|
|
|
|
| |
/run/systemd/mount-rootfs/ too
Let's use the same common directory as the unit logic uses.
This means we have less to clean up, and opens the door to eventually
allow unprivileged operation of the
mount_image_privately_interactively() logic.
|
| |
|
|
|
|
|
|
|
| |
Addresses
https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1060130312,
https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067927293, and
https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067926416.
Follow-up for 84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.
|
| |\
| |
| | |
dissect: add dissection policies
|
| | | |
|
| |/
|
|
|
|
| |
There were a few remaining cases where we used arg_root instead of
the root directory file descriptor. Let's port those over to use the
root directory file descriptor as well.
|
| |
|
|
|
|
| |
This can be used to prepare an image for firstboot by removing all
files that systemd knows about that contain machine specific
information.
|
| |
|
|
|
|
|
|
| |
Let's always operate on paths without resolving the final component.
If the path is a symlink, it could point to a vendor default in /usr,
in which case we definitely do not want to modify the vendor defaults.
To avoid this from happening, we replace the symlink with our own file
instead of modifying the file the symlink points at.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Let's open a file descriptor to the root directory and perform all
path operations using that file descriptor. On top of that, let's
make sure we pin the directory containing the file we want to work
on and use atomic copies and writes everywhere we can..
|
| |
|
|
|
|
|
|
|
| |
Chasing symlinks is a core function that's used in a lot of places
so it deservers a less verbose names so let's rename it to chase()
and chaseat().
We also slightly change the pattern used for the chaseat() helpers
so we get chase_and_openat() and similar.
|
| |
|
|
|
| |
These are almost never used, so let's move them to the _full()
functions signatures.
|
| | |
|
| |
|
|
|
|
|
|
| |
This allows sysusers to operate with --root that is an empty directory.
It may be useful to, for example, populate the user database before installing
anything else.
firstboot was already doing this, so drop the duplicated call there.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
\#0 __strcmp_evex () at ../sysdeps/x86_64/multiarch/strcmp-evex.S:295
No locals.
\#1 0x0000557444eb172b in process_locale () at ../src/firstboot/firstboot.c:342
etc_localeconf = 0x7ffd40217b80 "/root/root/etc/locale.conf"
locales = {0x0, 0x0, 0x0}
i = 0
r = <optimized out>
__PRETTY_FUNCTION__ = "process_locale"
__func__ = "process_locale"
\#2 0x0000557444eaff93 in run (argv=0x7ffd40217d98, argc=3) at ../src/firstboot/firstboot.c:1401
loop_device = 0x0
unlink_dir = 0x0
r = <optimized out>
loop_device = <optimized out>
unlink_dir = <optimized out>
r = <optimized out>
__func__ = <optimized out>
__PRETTY_FUNCTION__ = <optimized out>
enabled = <optimized out>
_error = <optimized out>
_level = <optimized out>
_e = <optimized out>
_level = <optimized out>
_e = <optimized out>
\#3 main (argc=3, argv=0x7ffd40217d98) at ../src/firstboot/firstboot.c:1432
r = <optimized out>
__PRETTY_FUNCTION__ = "main"
Fixes https://github.com/systemd/systemd/issues/25249
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
$ SYSTEMD_LOG_LEVEL=debug build/systemd-firstboot --prompt-root-password
Found container virtualization systemd-nspawn.
Found /etc/locale.conf, assuming locale information has been configured.
Failed to read credential firstboot.keymap, ignoring: No such device or address
Prompting for keymap was not requested.
Found /etc/localtime, assuming timezone has been configured.
Prompting for hostname was not requested.
Found /etc/machine-id, assuming machine-id has been configured.
Found /etc/passwd and /etc/shadow, assuming root account has been initialized.
Creation of /etc/kernel/cmdline was not requested, skipping.
|
| | |
|
| |
|
|
|
| |
The casting here isn't pretty, but at least it makes it obvious what is
happening instead of implicit and it allows enabling -Wformat-signedness.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/bin/sh as a shell is punishing. There is no good reason to make
the occasional root login unpleasant.
Since /bin/sh is usually /bin/bash in compat mode, i.e. if one is
available, the other will be too, /bin/bash is almost as good as a default.
But to avoid a regression in the situation where /bin/bash (or
DEFAULT_USER_SHELL) is not installed, we check with access() and fall back
to /bin/sh. This should make this change in behaviour less risky.
(FWIW, e.g. Fedora/RHEL use /bin/bash as default for root.)
This is a follow-up of sorts for 53350c7bbade8c5f357aa3d1029ef9b2208ea675,
which added the default-user-shell option, but most likely with the idea
of using /bin/bash less ;)
Fixes #24369.
|
| | |
|
| |
|
|
| |
Share code between firstboot and sysusers
|
| |
|
|
|
|
| |
If one of the files exists but not the other one, we want to make sure
we create the other file to make sure the passwd database is in a valid
state.
|
| |
|
|
|
|
| |
A long name of one parameter was making the whole thing very wide.
I think that it's obvious from the context what the argument is,
so a shorter name should be just as good.
|
| | |
|
| |
|
|
|
|
|
|
| |
glyph-util.[ch]
These functions are used pretty much independently of locale, i.e. the
only info relevant is whether th locale is UTF-8 or not. Hence let's
give this its own pair of .c/.h files.
|
| |
|
|
|
|
|
| |
The function was in basic/fileio.c, but it's more appropriate to
keep it out of src/basic.
Fixes compilation with -Dsmack-run-label= set.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In general we almost never hit those asserts in production code, so users see
them very rarely, if ever. But either way, we just need something that users
can pass to the developers.
We have quite a few of those asserts, and some have fairly nice messages, but
many are like "WTF?" or "???" or "unexpected something". The error that is
printed includes the file location, and function name. In almost all functions
there's at most one assert, so the function name alone is enough to identify
the failure for a developer. So we don't get much extra from the message, and
we might just as well drop them.
Dropping them makes our code a tiny bit smaller, and most importantly, improves
development experience by making it easy to insert such an assert in the code
without thinking how to phrase the argument.
|
| |\
| |
| | |
optionally, grow file systems to partition size when mounting them via GPT auto-discovery
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
tools that deal with OS images
Let's enable this in all tools that intend to write to the OS images.
It's not conditionalized for now, as there already is conditionalization
in the existance or absence of the flag in the GPT partition table (and
it's opt-in), hence it should be OK to just enable this by default for
now if the flag is set.
|
