path: root/src
Commit message | Author | Age | Files | Lines
* udev: fix memleak | Yu Watanabe | 2020-12-21 | 1 | -1/+2
|   Fixes #18039.
* journal-importer: ignore invalid field at one more place | Yu Watanabe | 2020-12-21 | 1 | -0/+10
|   Fixes oss-fuzz#28817.
|   https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28817
* cryptenroll: drop an unused variable | Frantisek Sumsal | 2020-12-20 | 1 | -1/+1
|   Fixes following warning/error w/ clang:
|
|   ../src/cryptenroll/cryptenroll-tpm2.c:64:64: error: unused variable 'a' [-Werror,-Wunused-variable]
|   _cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *a = NULL;
|   ^
|   1 error generated.
* tmpfiles: fix typo | Yu Watanabe | 2020-12-18 | 1 | -1/+1
|   Follow-up for 94566540e3863032df3a8a89f948b94d764ca2b4.
* Merge pull request #18019 from yuwata/hostname-drop-libudev | Yu Watanabe | 2020-12-18 | 1 | -1/+0
|\
| |   hostname: fix build failure
| * hostname: fix build failure | Yu Watanabe | 2020-12-18 | 1 | -1/+0
| |   Follow-up for b9d8069832425b34211a6812e06537e0c50d46b6. libudev.h was dropped from most of our binaries.
* | memory-id: fix never hit condition | Yu Watanabe | 2020-12-18 | 1 | -2/+5
|/
|   As sizeof(int64_t) is always 8.
* Merge pull request #15531 from felipeborges/add-device-model-field-to-hostnamed | Lennart Poettering | 2020-12-18 | 2 | -0/+64
|\
| |   hostnamed: Add "Model" field
| * hostnamed: Expose dmi "Vendor" and "Model" fields | Felipe Borges | 2020-12-04 | 2 | -0/+64
| |   See #15493
* | networkd: add RouteDenyList | Devon Pringle | 2020-12-18 | 4 | -13/+32
| |   Allow configuration for IPv6 discovered routes to be ignored instead of adding them as a route. This can be used to block unwanted routes, for example, you may wish to not receive some set of routes on an interface if they are causing issues.
* | Merge pull request #18015 from keszybz/dmi-test-mesonification2 | Yu Watanabe | 2020-12-18 | 1 | -9/+17
|\ \
| | |   Dmi test mesonification2
| * | meson: make each dmidecode a separate test | Zbigniew Jędrzejewski-Szmek | 2020-12-17 | 1 | -9/+17
| | |   This allows them to be executed in parallel and also gives us better reporting. The dump files are renamed to avoid repeating "dmidecode-dump", since that string is already present in the subdirectory name.
* | | Merge pull request #18011 from yuwata/trivial-fixes | Yu Watanabe | 2020-12-18 | 17 | -39/+45
|\ \ \
| | | |   Trivial fixes for recently merged PRs
| * | | netlink: fix size of fib rule messages | Yu Watanabe | 2020-12-18 | 1 | -3/+3
| | | |
| * | | meson: sort files | Yu Watanabe | 2020-12-18 | 1 | -2/+2
| | | |
| * | | nspawn: sort headers | Yu Watanabe | 2020-12-18 | 1 | -2/+1
| | | |
| * | | netlink: fix indentation | Yu Watanabe | 2020-12-18 | 1 | -4/+5
| | | |
| * | | netlink: drop unnecessary error handling | Yu Watanabe | 2020-12-18 | 1 | -6/+3
| | | |
| * | | netlink: use whitespace instead of tab | Yu Watanabe | 2020-12-18 | 1 | -1/+1
| | | |
| * | | sd-netlink: add several assertions | Yu Watanabe | 2020-12-18 | 2 | -1/+3
| | | |
| * | | sd-netlink: replace *messages[] -> **messages | Yu Watanabe | 2020-12-18 | 4 | -4/+4
| | | |
| * | | meson: add missing headers | Yu Watanabe | 2020-12-18 | 1 | -0/+4
| | | |
| * | | network: move variable declaration | Yu Watanabe | 2020-12-18 | 1 | -2/+2
| | | |
| * | | tree-wide: fix typo | Yu Watanabe | 2020-12-18 | 7 | -14/+17
| | | |
* | | | Merge pull request #17693 from yuwata/tmpfiles-compress-nocow-on-btrfs | Yu Watanabe | 2020-12-18 | 3 | -31/+70
|\ \ \ \
| | | | |   tmpfiles: try to set file attributes one by one
| * | | | tmpfiles: try to set file attributes one by one | Yu Watanabe | 2020-12-18 | 1 | -5/+9
| | | | |   Closes #17690.
| * | | | chattr-util: introduce fallback mode to set file attributes one by one | Yu Watanabe | 2020-12-18 | 2 | -26/+61
| |/ / /
* | | | Merge pull request #18009 from poettering/time-set-sync-target | Yu Watanabe | 2020-12-18 | 2 | -4/+12
|\ \ \ \
| |/ / /
|/| | |
| | | |   tweaks for time-sync.target and time-set.target
| * | | core: order timer units after both time-sync.target and time-set.target | Lennart Poettering | 2020-12-17 | 2 | -4/+12
| | | |   If users do not enable a service like systemd-time-wait-sync.target (because they don't want to delay boot for external events, such as an NTP sync), then timers should still take the weaker time-set.target feature into account, so that the clock is at least monotonic. Hence, order timer units after both of the targets: time-sync.target *and* time-set.target. That way, the right thing will happen regardless if people have no NTP server (and thus also no systemd-time-wait-sync.service or equivalent) or, only have an NTP server (and no systemd-time-wait-sync.service), or have both.
| | | |
| | | |   Ordering after time-set.target is basically "free". The logic it is backed by should be instant, without communication with the outside going on. It's useful still so that time servers that implement the timestamp from /var/ logic can run in later boot.
* | | | network: Allow to configure unreachable/blackhole RoutingPolicyRule (#17984) | Susant Sahani | 2020-12-18 | 4 | -13/+97
| | | |
* | | | fido2: when listing fido2/hmac-secret devices, actually validate feature set | Lennart Poettering | 2020-12-17 | 1 | -4/+45
| | | |
* | | | test: add tpm2 and fido2 libs to dlopen test | Lennart Poettering | 2020-12-17 | 1 | -0/+10
| | | |
* | | | repart: optionally lock encrypted partitions to TPM2 | Lennart Poettering | 2020-12-17 | 1 | -20/+141
| | | |   This is useful for bootstrapping encrypted systems: on first boot let's create a /var/ partition that is locked to the local TPM2.
* | | | string-table: add private version of lookup macro with boolean fallback | Lennart Poettering | 2020-12-17 | 1 | -0/+1
| | | |
* | | | cryptsetup: add support for TPM2 unlocking of volumes | Lennart Poettering | 2020-12-17 | 3 | -4/+470
| | | |
* | | | cryptenroll: support listing and wiping tokens | Lennart Poettering | 2020-12-17 | 6 | -22/+735
| | | |
* | | | cryptenroll: add support for TPM2 enrolling | Lennart Poettering | 2020-12-17 | 6 | -0/+1259
| | | |
* | | | json: add APIs for quickly inserting hex blobs into as JSON strings | Lennart Poettering | 2020-12-17 | 2 | -0/+55
| | | |   This is similar to the base64 support, but fixed-size hash values are typically preferably presented as series of hex values, hence store them here like that too.
* | | | sort-util: make cmp_int() generic, so that we can reuse it elsewhere | Lennart Poettering | 2020-12-17 | 3 | -4/+6
| | | |
* | | | cryptenroll: add new "systemd-cryptenroll" tool for enrolling FIDO2+PKCS#11 security tokens | Lennart Poettering | 2020-12-17 | 9 | -0/+799
| | | |
* | | | cryptsetup: add fido2 support | Lennart Poettering | 2020-12-17 | 3 | -4/+454
| | | |
* | | | fido2: don't use up/uv/rk when device doesn't support it | Lennart Poettering | 2020-12-17 | 2 | -74/+137
| | | |   Apparently devices are supposed to generate failures if we try to turn off features they don't have. Thus don't.
| | | |
| | | |   Prompted-by: https://github.com/systemd/systemd/issues/17784#issuecomment-737730395
* | | | homed: split out HMAC-HASH fido2 decode code into src/shared/ | Lennart Poettering | 2020-12-17 | 3 | -180/+265
| | | |   That way we can use it later on in systemd-cryptsetup to unlock devices with FIDO2 tokens.
* | | | homed: move fido2 setup code to src/shared/ | Lennart Poettering | 2020-12-17 | 3 | -245/+331
| | | |   That way we can reuse it from systemd-cryptenroll
* | | | homed: move fido2 device enumeration logic to shared code | Lennart Poettering | 2020-12-17 | 5 | -141/+143
| | | |
* | | | homed: turn libfido2 into a dlopen() type dependency | Lennart Poettering | 2020-12-17 | 5 | -103/+312
| | | |
* | | | cryptsetup: split up attach_luks_or_plain_or_bitlk() into smaller functions | Lennart Poettering | 2020-12-17 | 1 | -180/+250
| | | |   Just some refactoring.
* | | | cryptsetup: read PKCS#11 key and token info from LUKS2 metadata | Lennart Poettering | 2020-12-17 | 4 | -13/+142
| | | |   Optionally, embed PKCS#11 token URI and encrypted key in LUKS2 JSON metadata header. That way it becomes very easy to unlock properly set up PKCS#11-enabled LUKS2 volumes, a simple /etc/crypttab line like the following suffices:
| | | |
| | | |   mytest /dev/disk/by-partuuid/41c1df55-e628-4dbb-8492-bc69d81e172e - pkcs11-uri=auto
| | | |
| | | |   Such a line declares that unlocking via PKCS#11 shall be attempted, and the token URI and the encrypted key shall be read from the LUKS2 header. An external key file for the encrypted PKCS#11 key is hence no longer necessary, nor is specifying the precise URI to use.
* | | | cryptsetup: be more careful with erasing key material from memory | Lennart Poettering | 2020-12-17 | 1 | -4/+5
| | | |
* | | | cryptsetup: split code that allocates udev security device monitor into its own function | Lennart Poettering | 2020-12-17 | 1 | -14/+28
| | | |