summaryrefslogtreecommitdiffstats
path: root/src/resolve (unfollow)
Commit message (Collapse)AuthorFilesLines
2023-07-14compare: fix typoYu Watanabe1-1/+1
2023-07-14catalog: update Polish translationPiotr Drąg1-0/+22
2023-07-14battery-check: allow to skip by passing systemd.battery-check=0Yu Watanabe4-1/+53
2023-07-14efi: don't pull kernel cmdline from SMBIOS in a confidential VMDaniel P. Berrangé1-11/+15
In a confidential VM, the SMBIOS data is not trusted, as it is under the control of the host OS/admin and not covered by attestation of the machine. Fixes: https://github.com/systemd/systemd/issues/27604 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-14efi: add helper API for detecting confidential virtualizationDaniel P. Berrangé2-0/+119
This helper is a simplified version of detect_confidential_virtualization() that merely returns a boolean status flag reflecting whether we are believed to be running inside a confidential VM. This flag can be used for turning off features that are inappropriate to use from a CVM, but must not be used for releasing sensitive data. The latter must only be done in response to an attestation for the environment. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-14resolved: fix the canonical name returned by hosts lookup by nameDmitry V. Levin2-5/+48
In etc_hosts_lookup_by_name(), return the canonical name of the resolved address instead of the name used to obtain that address. Resolves: #20158
2023-07-14resolved: fix the canonical name returned by hosts lookup by addressDmitry V. Levin2-14/+34
In etc_hosts_lookup_by_address(), make sure the canonical name of the given address is returned first in the list of names that address resolves to. Resolves: #25088
2023-07-14resolved: keep track of first names listed for each address in /etc/hostsDmitry V. Levin3-3/+33
These names will be used later in responses as canonical names.
2023-07-14fundamental: share constants for confidential virt detectionDaniel P. Berrangé2-66/+73
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-07-14mkosi: Move settings to right sectionsDaan De Meyer1-5/+5
2023-07-14mkosi: Stop using python3.9 on CentOS 8Daan De Meyer10-82/+20
Let's get rid of all the complexity and just not build ukify on CentOS Stream 8.
2023-07-14mkosi: Drop kernel command line arguments that are set by mkosiDaan De Meyer1-11/+0
mkosi sets these by default now so let's drop them from our configuration.
2023-07-14mkosi: Update to latestDaan De Meyer5-26/+3
mkosi now supports CentOS SIGs natively so we drop our own definition of that and use the mkosi builtin one. We also enable hyperscale for both CentOS 8 and CentOS 9 for consistency and add epel-next as well which is a requirement for Hyperscale.
2023-07-14elf2efi: Make compatible with python 3.6 againDaan De Meyer2-11/+10
CentOS 8 ships python 3.6 so let's try and stay compatible with that since the only feature we're using that requires python 3.9 is the streamlined type annotations which are trivial to convert back to the older stuff to stay compatible with python 3.6.
2023-07-14po: Translated using Weblate (Ukrainian)Yuri Chornoivan1-22/+47
Currently translated at 100.0% (227 of 227 strings) po: Translated using Weblate (Ukrainian) Currently translated at 93.8% (213 of 227 strings) Co-authored-by: Yuri Chornoivan <yurchor@ukr.net> Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/uk/ Translation: systemd/main
2023-07-14po: Update translation filesWeblate38-64/+5559
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Co-authored-by: Weblate <noreply@weblate.org> Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ Translation: systemd/main
2023-07-14packit: temporarily use older Rawhide specFrantisek Sumsal1-1/+7
Until [0] is deployed to production. [0] https://github.com/packit/specfile/commit/2bdcec3db5cbee5e1f61fd578edd6a3393afd787
2023-07-14kernel-install: Avoid reopening file descriptor via /procDaan De Meyer1-13/+13
kernel-install used to work without /proc mounted before the rewrite in C. Let's restore that property by making sure we don't reopen file descriptors via /proc. In this case, parse_env_file_fdv() calls fdopen_independent() to get a FILE * for the given file descriptor (which itself calls fd_reopen()). Let's avoid the call to fdopen_independent() by using chase_and_fopenat_unlocked() which gives us a FILE * immediately without having to reopen any file descriptors.
2023-07-14po: add homed file and regenerate potLuca Boccassi2-1/+155
2023-07-14network: check lifetime of address and route before configureYu Watanabe2-2/+23
Otherwise, we may configure a route that depends on the existence of an address or another route, and may fail when lifetime of one of them are already zero. Hopefully fixes #28358.
2023-07-14sd-journal: fix 'the the'Yu Watanabe1-2/+1
2023-07-14proc-cmdline: re-implement proc_cmdline_filter_pid1_args() without using ↵Yu Watanabe1-35/+67
getopt_long() If getopt_long() is called for a list of arguments and it is freed, then calling getopt_long() for another list will trigger use-after-free. The function proc_cmdline_filter_pid1_args() may be called before or during parsing program arguments (typically named as parse_argv()), hence we cannot use getopt_long() in proc_cmdline_filter_pid1_args(). Fixes #28366.
2023-07-14test: add more test cases for proc_cmdline_filter_pid1_args()Yu Watanabe1-5/+38
2023-07-14core: fix race condition during startup of a service with ExitType=cgroupFuminobu TAKEYAMA1-2/+7
This commit allows service_sigchld_event() is executed before service_dispatch_exec_io(), which might happen when a main process exits very quickly. Also do not check PID for service goodness because the main process have already been exited in this case. Fix: #27919
2023-07-13fstab-generator: resolve bind mount source when in initrdMike Yuan1-27/+53
We currently prepend /sysroot to mount points for entries in /sysroot/etc/fstab. But when it comes to bind mounts, the source needs to canonicalized too. Fixes #6827 Replaces #7894
2023-07-13fstab-util: add fstab_is_bindMike Yuan3-8/+16
2023-07-13ukify: Derive public key from private key if not specifiedDaan De Meyer2-38/+46
2023-07-13bus-polkit: avoid extra variableDavid Tardon1-6/+6
2023-07-13bus-polkit: allow to auth. a bus call for multiple actionsDavid Tardon1-53/+87
In #20155, verify_shutdown_creds() needs to authenticate for both org.freedesktop.login1.hibernate-multiple-sessions and org.freedesktop.login1.hibernate-ignore-inhibit . Previously, the second authentication attempt would fail with -ESTALE. Fixes #20155.
2023-07-13bus-polkit: parse reply from polkit on receiveDavid Tardon1-44/+77
... and store just the result.
2023-07-13bus-polkit: extract action into a separate structDavid Tardon1-7/+24
This is a preparation for later commits.
2023-07-13bus-polkit: describe async. polkit verificationDavid Tardon1-0/+74
2023-07-13bus-polkit: refactor a bit to avoid gotoDavid Tardon1-11/+20
2023-07-13bus-polkit: drop unused argumentDavid Tardon1-3/+1
2023-07-13bus-polkit: use automatic cleanupDavid Tardon1-13/+10