| Commit message (Collapse) | Author | Files | Lines |
|
Add support for systemd-fido2 based LUKS2 device activation
via libcryptsetup plugin. This make the feature (fido2 sealed
LUKS2 keyslot passphrase) usable from both systemd utilities
and cryptsetup cli.
The feature is configured via -Dlibcryptsetup-plugins combo
with default value set to 'auto'. It get's enabled automatically
when cryptsetup 2.4.0 or later is installed in build system.
|
|
Currently translated at 0.5% (1 of 189 strings)
Co-authored-by: Hela Basa <r45xveza@pm.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/si/
Translation: systemd/main
|
|
input_size may be zero.
Fixes #20469.
|
|
|
|
Follow-up for 406041b7de767316674eb6a2f98ad466577ce8a4.
Also, this makes
- the settings accept an empty string,
- if the specified value is too large, also use the advertised maximum
value.
- mention the range of the value in the man page.
|
|
|
|
Reword the intro to the document, as portable services are a stable interface
and no longer a preview.
|
|
|
|
|
|
"max" indicates the hardware advertised maximum queue buffer size
should be used.
The max sizes can be checked by running `ethtool -g <dev>` (Preset maximums).
Since the buffer sizes can't be set to 0 by users, internally we use 0 to
indicate that the hardware advertised maximum should be used.
|
|
Previously, when Priority= is unspecified, networkd configured the rule with
the highest (=0) priority. This commit makes networkd distinguish the case
the setting is unspecified and one explicitly specified as Priority=0.
Note.
1) If the priority is unspecified on configure, then kernel dynamically picks
a priority for the rule.
2) The new behavior is consistent with 'ip rule' command.
Replaces #15606.
|
|
As net_setup_link builtin requires that a device action is set for the
sd_device object.
|
|
prefix route
|
|
passthru MACV{LAN,TAP}
|
|
|
|
|
|
|
|
|
|
|
|
In some cases image names are unpredictable - some orchestrators/deployment
tools like to mangle names to suit their internal formats. In these cases,
the requirement that the extension-release file matches exactly the image
name where it's contained cannot work.
Allow falling back to loading the first regular file which name starts with
'extension-release' located in /usr/lib/extension-release.d/ and tagged with
a user.extension-release.strict extended attribute with a true value, if the
one with the expected name cannot be found.
|
|
|
|
Firmware likes to draw the EFI provided cursor in a weird way that
makes it invisible sometimes. This is even more likely to happen
if unusual colors are picked. It also fails to draw attention to the
user by being very small and not blinking.
Additionally, to make it more clear that we are in edit mode, we
now default to inverting the general default color and use that for
our line edit.
Fixes: #19301
|
|
Fixes: #10139
|
|
Making keys case insensitive should help if caps lock is on.
We are not advertising them at runtime or in the manual to
reduce the noise.
This also hides the quit and version commands from the help
string. They are mostly for devs and otherwise have little
to no use to normal users. The latter overlaps with print
status which is still advertised.
|
|
|
|
|
|
Fixes: #18072
|
|
Let's unify how we remove secrets from the env block.
|
|
|
|
Fixes: #18421 #15903
|
|
This basically does what the previous two commits did for systemd-import
+ systemd-pull but for systemd-import-fs.
This commit is a bit simpler though, as a --direct mode doesn't change
that much. It's mostly about not searching for existing, conflicting
images and not much else.
|
|
verification
This does what the previous commit did for systemd-import the same way
for systemd-pull.
It also adds one more thing: the checksum validation is extended, in
addition of doing SHA256SUMS/gpg verification it is now possible to
immediately specify a hash value on the command line that the download
needs to match. This is particularly useful in --direct mode as we can
download/decompress/unpack arbitrary files and check the hash of the
downloaded file on-the-fly.
|
|
on/off
This reworks/modernizes the tar/raw import logic and adds the following
new features:
- Adds the ability to control btrfs subvol and quota behaviour which was
previously always on via an env var and cmdline arg
- Adds control whether to sync() stuff after writing it, similar via env
var + cmdline arg
- Similar, the QCOW2 unpacking logic that was previously the implied
default may now be controlled via env var + cmdline arg.
- adds a "direct" mode. In this mode, the systemd-import tool can be
used as a simple tool for decompressing/unpacking/installing arbitrary
files, without all the additional meta data and auxiliary resources,
i.e. outside of the immediate disk image context. Via the new
--offset= and --size-max= switches the downloaded data can be written
to specific locations of a file (which is particularly useful to use
the tool to download fs images and write them to a partition location
before actually creating the partition).
We'll later use the latter feature for "sysupdate" concept, where images
can be directly be written to partitions. That way the systemd-import
binary will be used as backend for both "systemd-importd" and
"systemd-sysupdate" and share most of the same code.
|
|
This adds a bit of generic helper tools for installing files/dir trees.
"installing" is supposed to mean the final step when preparing a disk
image or directory tree, where the result is renamed to its final name.
It has some bells and whistles, as it is able to replace existing files
sanely, can fsync() things carefully and can mark things read-only in a
nice way.
This is supposed to be generic, unified code that can be used eventually
for any of our tools that prepare disk images/directory trees, including
importd, nspawn's --template= mechanism, the discover-image.c logic,
and more.
|
|
Currently translated at 100.0% (189 of 189 strings)
Co-authored-by: Gustavo Costa <xfgusta@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/pt_BR/
Translation: systemd/main
|
|
Sometimes, both job and nop_job are deserialized. In this case,
if we only cold plug the job, the nop_job will also stuck in the
job list.
|
|
Fixes: #13967
|
|
promiscuous mode
While we haven't implemented a key for users to set MACVLAN/MACVTAP flags,
we can at least allow them to make use of the Promiscuous= key of
the corresponding link to set the nopromisc flag.
|
|
|
|
|
|
|
|
|
|
|
|
Closes #19424 and #20435.
|
|
See can_get_bittiming() in drivers/net/can/dev/bittiming.c of kernel.
|
|
Note that this slightly breaks backward compatibility when
Termination=1. Previously, this is handled as boolean true, then 120 ohm
was used. But now with this commit, it is handled as 1 ohm.
|
|
|
|
|
|
|
|
|