| Commit message | Author | Files | Lines |
|
Fixes oss-fuzz#28817.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28817
|
|
This explicitly documents the default `UTC` timezone which is used
by systemd (and other software) when `/etc/localtime` is not present.
Ref: https://github.com/systemd/systemd/blob/v247/src/basic/time-util.c#L1460-L1469
|
|
`AllowedIPs=` only affects "routing inside the network interface
itself", as in, which wireguard peer packets with a specific destination
address are sent to, and what source addresses are accepted from which
peer.
To cause packets to be sent via wireguard in the first place, a route via
that interface needs to be added - either in the `[Routes]` section on
the `.network` matching the wireguard interface, or outside of networkd.
This is a common cause of misunderstanding, because tools like wg-quick
also add routes to the interface. However, those tools are meant as an
"extremely simple script for easily bringing up a WireGuard interface,
suitable for a few common use cases" (from their manpage).
Networkd also should support other use cases - like setting AllowedIPs to
0.0.0.0/0 and ::/0 and having a dynamic routing protocol setting more
specific routes (or the user manually setting them).
Reported-In: https://github.com/systemd/systemd/issues/14176
|
|
Fixes following warning/error w/ clang:
../src/cryptenroll/cryptenroll-tpm2.c:64:64: error: unused variable 'a' [-Werror,-Wunused-variable]
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *a = NULL;
^
1 error generated.
|
|
It's often useful to have an editor available to edit some random
config file in the final image. Let's install some basic editors
that don't take up too much space.
|
|
Don't automatically match on man/* and **/meson.build, since we change those
files as part of larger changes that we usually don't mark that way
|
|
The regex results in calls of "make setup run -again" which is broken
|
|
The old env var doesn't seem to be used anywhere, and the script
currently doesn't work, so it seems safe to change immediately
|
|
Recently, mkosi gained support for specifying an --install-directory
option to save the contents of the install directory between builds.
By enabling the --only-changed meson install option, meson won't
overwrite the contents of files that haven't changed since the last
build when using --install-directory.
|
|
* man: Advertise systemd-time-wait-sync.service more
The description of time-sync.target says that NTP services *should* pull
that target, but doesn't mention that e.g. systemd-timesyncd.service
doesn't actually do that. As a result, time-sync.target is reached way
earlier than people expect; see #5097, #8861, #11008.
systemd provides systemd-time-wait-sync.service to ameliorate this
problem, but doesn't feature it prominently in relevant manpages. In
fact, it's only mentioned in passing in systemd-timesyncd.service(8). As
a result, I ended up re-implementing that service, and I'm not the first
one: https://github.com/NixOS/nixpkgs/pull/51338
This patch adds a mention right in the description of time-sync.target,
which will hopefully raise awareness of this helper service.
|
|
Follow-up for 94566540e3863032df3a8a89f948b94d764ca2b4.
|
|
As sizeof(int64_t) is always 8.
|
|
Follow-up for b9d8069832425b34211a6812e06537e0c50d46b6.
libudev.h was dropped from most of our binaries.
|
|
Allow configuration for IPv6 discovered routes to be ignored instead of
adding them as a route. This can be used to block unwanted routes, for
example, you may wish to not receive some set of routes on an interface
if they are causing issues.
|
|
Closes #17690.
|
|
time-sync.target
|
|
If users do not enable a service like systemd-time-wait-sync.target
(because they don't want to delay boot for external events, such as an
NTP sync), then timers should still take the weaker time-set.target
feature into account, so that the clock is at least monotonic.
Hence, order timer units after both of the targets: time-sync.target
*and* time-set.target. That way, the right thing will happen regardless
if people have no NTP server (and thus also no
systemd-time-wait-sync.service or equivalent), or only have an NTP
server (and no systemd-time-wait-sync.service), or have both.
Ordering after time-set.target is basically "free". The logic it is
backed by should be instant, without communication with the outside
going on. It's useful still so that time servers that implement the
timestamp from /var/ logic can run in later boot.
|
|
systemd-timesyncd.service only applies the much weaker monotonic clock
from file logic, i.e. should pull in and order itself before
time-set.target. The strong time-sync.target unit is pulled in by
systemd-time-wait-sync.service.
|
|
As suggested: https://github.com/systemd/systemd/pull/17741#issuecomment-743479834
|
|
This is useful for bootstrapping encrypted systems: on first boot let's
create a /var/ partition that is locked to the local TPM2.
|
|
This is similar to the base64 support, but fixed-size hash values are
typically preferably presented as series of hex values, hence store them
here like that too.
|
|
security tokens
|
|
Apparently devices are supposed to generate failures if we try to turn
off features they don't have. Thus don't.
Prompted-by: https://github.com/systemd/systemd/issues/17784#issuecomment-737730395
|