| Commit message (Collapse) | Author | Files | Lines |
|---|
|
- use sd_bus_query_sender_creds() to retrieve credentials,
- read credentials only when we get credentials, to avoid triggering
assert_return(),
- downgrade log level of expected failure, and update log message about
unexpected success.
Prompted by #30029.
|
|
On checking if the message has enough credentials, the special flag
needs to be dropped.
Fixes a bug introduced by 705a415f684f8e9ee19983e5859de00bbb1477cb.
|
|
|
|
The warning is about unused variable "flags":
```
../src/partition/repart.c: In function ‘partition_encrypt’:
../src/partition/repart.c:3690:19: warning: unused variable ‘flags’ [-Wunused-variable]
3690 | TPM2Flags flags = 0;
| ^~~~~
```
Move the flags variable into the scope where it is actually used, which happens
to be inside the HAVE_TPM2 block.
|
|
The assertion can be triggered by bad `$attr{[<subsys>/<sysname>]<attribute>}`
formatting. That's not a programmer's error, but a runtime error.
Prompted by #30029.
|
|
This also changes error code from -ENODATA -> -EBADMSG,
as we received bad message in that case.
Prompted by #30029.
|
|
Prompted by #30029.
|
|
|
|
|
|
Use f-strings and simplify the code a bit.
When I call 'acpi-update.py' after those changes, the resulting .hwdb files are
the same except for two additions that appeared in the meantime. I don't think
it makes sense to update them again, because the ma-*.txt files changed and we
don't want to store big blobs unnecessarilly.
|
|
The old suffix is now confusing.
|
|
|
|
|
|
A non-breaking space is used between "PCR" and the number. I did
search&replace on the whole file, so that when people select&paste
later, they are more likely to use the same format.
|
|
$ SYSTEMD_LOG_LEVEL=debug machinectl status --machine=@
Assertion 'r > 0' failed at src/libsystemd/sd-bus/sd-bus.c:1694, function sd_bus_open_system_machine(). Ignoring.
|
|
Otherwise bad thing would've happened is this was a hard assert:
+ systemd-mount --umount /dev/loop0
Assertion 'device' failed at src/libsystemd/sd-device/sd-device.c:2202, function sd_device_get_property_value(). Ignoring.
|
|
Don't use assert_runtime() when we get an invalid match string, since
that's a runtime error:
$ SYSTEMD_LOG_LEVEL=debug coredumpctl info =
...
Adding match: =
Assertion 'match_is_valid(data, size)' failed at src/libsystemd/sd-journal/sd-journal.c:240, function sd_journal_add_match(). Ignoring.
Failed to add match "=": Invalid argument
|
|
Fixes: #30026
|
|
Fixes: #29791
|
|
I cannot see a reason why we should ignore this error, so let's not. We
use RET_GATHER() on the returns anyway, i.e. collect errors but
continue, so it makes sense to collect this one too.
|
|
We are not invoked in the initrd, and that deserves a comment.
|
|
This call is never called in the initrd, hence we can drop the extra
check, as it is redundant. Let's keep it as an assert() though, as a
form of code-enforced documentation.
|
|
meson's `cpp_args` option is defined only if it detects a C++ compiler,
otherwise we get an error:
../test/fuzz/meson.build:56:28: ERROR: Tried to access unknown option 'cpp_args'.
|
|
|
|
Fixes a bug introduced by 6b7d5b6eaf9029b88771ae0ba3cf3c95adb3c24d.
|
|
This effectively reverts 92914960113b9ed21570f4329e2b2b2bf3e84629.
This fixes the maximum length of DUID.
See RFC 8415 section 11.1.
|
|
Follow-up for 53488ea352b658e37eef06f958c3f8ca062a64d9.
|
|
These are all newline breaks, but some meson tool changed at some
point that causes all of these changes to happen, and they have
started to appear when Weblate sends translations update, making
them very hard to review as they are mostly adding these breaks.
Update all files once and for all so that new translations PRs are
easier to review.
|
|
|
|
Adjust the parsing as it's no longer HTML files. Some IDs end with
whitespace, without being quoted, which seems like a mistake as they
weren't before, so strip the ID columns before applying them.
|
|
|
|
|
|
|
|
|
|
Currently the test works only with policy shipped by Fedora, which makes
it pretty much useless in most of our CIs. Let's drop the custom module
and make the test more generic, so it works with the refpolicy as well,
which should allow us to run it on Arch and probably even in Ubuntu CI.
|
|
The config file has (unfortunately) precedence over the kernel command
line, so let's tweak the config file if necessary.
|
|
|
|
To make the generated IDs equivalent when
- sd_device object is not provided,
- sd_device object is provided, but it does not have ID_SERIAL.
Follow-up for abc19a6ffaa94893ffc40cc000e5bb4437f67656.
This also fixes missing voidification.
Fixes CID#1524253.
|
|
First, check for the cached enabled/disabled, as that's what all the
label functions used to do. Then, if initialization is not done yet,
do not cause the label functions to bail out, as it's expected to
happen at early boot.
Among other things, fixes:
systemd[1]: Failed to compute init label, ignoring.
Follow-up for: 0617da2edb91669a
|
|
Seeing three different spellings of OpenSSL in one log file triggers
some inner OCD I didn't even know I have.
|
|
--tpm2-device-key= requires OpenSSL >= 3 with KDF-SS, so let's skip the
test if we're running with older OpenSSL.
+ systemd-cryptenroll --tpm2-device-key=/tmp/srk.pub --tpm2-pcrs=12:sha256=F5A5FD42D16A20302798EF6ED309979B43003D2320D9F0E8EA9831A92759FB4B /tmp/systemd-cryptsetup-H8y.IMAGE
Failed to find TPM2 pcrlock policy file 'pcrlock.json': No such file or directory
Allocating context for crypt device /tmp/systemd-cryptsetup-H8y.IMAGE.
Trying to open and read device /tmp/systemd-cryptsetup-H8y.IMAGE with direct-io.
Trying to open device /tmp/systemd-cryptsetup-H8y.IMAGE without direct-io.
Initialising device-mapper backend library.
Trying to load LUKS2 crypt type from device /tmp/systemd-cryptsetup-H8y.IMAGE.
Crypto backend (OpenSSL 1.1.1k FIPS 25 Mar 2021) initialized in cryptsetup library version 2.3.7.
Detected kernel Linux 4.18.0-521.el8.ppc64le ppc64le.
...
Failed to find TPM PCR public key file 'tpm2-pcr-public-key.pem': No such file or directory
Failed to read TPM2 PCR public key, proceeding without: No such file or directory
Can't find symbol Esys_TR_GetTpmHandle: /lib64/libtss2-esys.so.0: undefined symbol: Esys_TR_GetTpmHandle
libtss2-esys too old, does not include Esys_TR_GetTpmHandle.
Can't find symbol Esys_TR_GetTpmHandle: /lib64/libtss2-esys.so.0: undefined symbol: Esys_TR_GetTpmHandle
libtss2-esys too old, does not include Esys_TR_GetTpmHandle.
PolicyPCR calculated digest: 9a1f511fb94f030eb21d0332ef2739727bf0ead4ec26a204d15b09cdeb4b2555
Calculating sealed object.
Calculating encrypted seed for sealed object.
Calculating encrypted seed for ECC sealed object.
Calculating KDFe().
KDF-SS requires openssl >= 3.
Could not calculate KDFe: Operation not supported
Could not calculate encrypted seed: Operation not supported
Failed to seal to TPM2: Operation not supported
|
|
don't let the devices to be announced just as model "Linux". Let's instead
propagate the underlying block device's model. Also do something
reasonably smart for the serial and firmware version fields.
|
