summaryrefslogtreecommitdiffstats
path: root/units (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* tpm2-setup: add new early boot tool for initializing the SRKLennart Poettering2023-09-293-0/+56
| | | | | | | | | | | | | | | | | | | This adds an explicit service for initializing the TPM2 SRK. This is implicitly also done by systemd-cryptsetup, hence strictly speaking redundant, but doing this early has the benefit that we can parallelize this in a nicer way. This also write a copy of the SRK public key in PEM format to /run/ + /var/lib/, thus pinning the disk image to the TPM. Making the SRK public key is also useful for allowing easy offline encryption for a specific TPM. Sooner or later we should probably grow what this service does, the above is just the first step. For example, the service should probably offer the ability to reset the TPM (clear the owner hierarchy?) on a factory reset, if such a policy is needed. And we might want to install some default AK (?). Fixes: #27986 Also see: #22637
* Merge pull request #29345 from poettering/measured-uki-conditionLennart Poettering2023-09-276-12/+6
|\ | | | | pid1: introduce ConditionSecurity=measured-uki
| * units: move units over to ConditionSecurity=measured-ukiLennart Poettering2023-09-276-12/+6
| |
* | units/blockdev@.target: conflict with umount.targetMike Yuan2023-09-271-0/+4
|/ | | | | | | | | | | | | | | Follow-up for d120ce478dc0043c89899799b5c1aaf62901bea9 blockdev@.target is used as a synchronization point between the mount unit and corresponding systemd-cryptsetup@.service. After the mentioned commit, it doesn't get a stop job enqueued during shutdown, and thus the stop job for systemd-cryptsetup@.service could be run before the mount unit is stopped. Therefore, let's make blockdev@.target conflict with umount.target, which is also what systemd-cryptsetup@.service does. Fixes #29336
* Revert "userdbd: Order systemd-userdbd.service after systemd-remount-fs.service"Lennart Poettering2023-09-271-1/+1
| | | | This reverts commit 9dd88582813b6dbeea6ce336f70cae681e6cbfc6.
* oomd: correct listening socketsLennart Poettering2023-09-251-1/+1
| | | | | | | | | | | So, unfortunately oomd uses "io.system." rather than "io.systemd." as prefix for its sockets. This is a mistake, and doesn't match the Varlink interface naming or anything else in oomd. hence, let's fix that. Given that this is an internal protocol between PID1 and oomd let's simply change this without retaining compat.
* pcrphase: rename binary to pcrextendLennart Poettering2023-09-256-9/+9
| | | | | | | | | | | | | | | | | | | The tool initially just measured the boot phase, but was subsequently extended to measure file system and machine IDs, too. At AllSystemsGo there were request to add more, and make the tool generically accessible. Hence, let's rename the binary (but not the pcrphase services), to make clear the tool is not just measureing the boot phase, but a lot of other things too. The tool is located in /usr/lib/ and still relatively new, hence let's just rename the binary and be done with it, while keeping the unit names stable. While we are at it, also move the tool out of src/boot/ and into its own src/pcrextend/ dir, since it's not really doing boot related stuff anymore.
* repart: Don't fail on boot if we can't find the root block deviceDaan De Meyer2023-09-221-0/+2
| | | | | | When booting from virtiofs, we won't be able to find a root block device. Let's gracefully handle this similar to how we don't fail if we can't find a GPT partition table.
* treewide: fix typosJoerg Behrmann2023-09-191-2/+2
| | | | | | - mostly: usecase -> use case - continously -> continuously - single typos in docs/FILE_DESCRIPTOR_STORE.md
* units: order battery-check before hibernate-resumeMike Yuan2023-09-071-1/+1
|
* hibernate-resume: split out the logic of finding hibernate locationMike Yuan2023-09-072-0/+28
| | | | | | | | | | | | | | | | | | | Before this commit, the hibernate location logic only exists in the generator. Also, we compare device nodes (devnode_same()) and clear EFI variable HibernateLocation in the generator too. This is not ideal though: when the generator gets to run, udev hasn't yet started, so effectively devnode_same() always fails. Moreover, if the boot process is interrupted by e.g. battery-check, the hibernate information is lost. Therefore, let's split out the logic of finding hibernate location. The generator only does the initial validation of system info and enables systemd-hibernate-resume.service, and when the service actually runs we validate everything again, which includes comparing the device nodes and clearing the EFI variable. This should make things more robust, plus systems that don't utilize a systemd-enabled initrd can use the exact same logic to resume using the EFI variable. I.e., systemd-hibernate-resume can be used standalone.
* userdbd: Order systemd-userdbd.service after systemd-remount-fs.serviceVictor Westerhuis2023-09-041-1/+1
| | | | | | | | Otherwise the root filesystem might still be readonly and systemd-userdbd fails to start. Explicitly pick systemd-remount-fs.service instead of local-fs-pre.target to prevent a dependency cycle.
* bsod: several cleanupsYu Watanabe2023-08-222-5/+5
| | | | | | | - add reference to the service unit in the man page, - fix several indentation and typos, - replace '(uint64_t) -1' with 'UINT64_MAX', - drop unnecessary 'continue'.
* Merge pull request #28697 from 1awesomeJ/new_bsodLuca Boccassi2023-08-182-0/+26
|\ | | | | systemd-bsod: Add "--continuous" option
| * systemd-bsod: Add "--continuous" optionOMOJOLA JOSHUA2023-08-172-0/+26
| |
* | units: introduce systemd-tmpfiles-setup-dev-early.serviceYu Watanabe2023-08-126-3/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes tmpfiles, sysusers, and udevd invoked in the following order: 1. systemd-tmpfiles-setup-dev-early.service Create device nodes gracefully, that is, create device nodes anyway by ignoring unknown users and groups. 2. systemd-sysusers.service Create users and groups, to make later invocations of tmpfiles and udevd can resolve necessary users and groups. 3. systemd-tmpfiles-setup-dev.service Adjust owners of previously created device nodes. 4. systemd-udevd.service Process all devices. Especially to make block devices active and can be mountable. 5. systemd-tmpfiles-setup.service Setup basic filesystem. Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06. Fixes #28653. Replaces #28681 and #28732.
* | Revert "unit: make udev rules really take precedence over tmpfiles"Yu Watanabe2023-08-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commits 112a41b6ece19d03e951d886fe2f26512ab31fab, 3178698bb5352989e4bff866641838b1c2a0efcb, and b768379e8b494b025f41946205944a6f3a1a553f. The commit 112a41b6ece19d03e951d886fe2f26512ab31fab introduces #28765, as systemd-tmpfiles-setup.service has ordering after local-fs.target, but usually the target requires block devices processed by udevd. Hence, the service can only start after the block devices timed out. Fixes #28765.
* | unit: make udev rules really take precedence over tmpfilesYu Watanabe2023-08-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Follow-up for b42482af904ae0b94a6e4501ec595448f0ba1c06. The commit makes systemd-tmpfiles-setup.service also updates the permission or owner of device nodes. However, the service does not have ordering for systemd-udevd.service. So, the service may set different permission from the one udevd already set. Fixes #28653. Replaces #28681.
* | Revert "unit: make udev rules take precesence over tmpfiles"Yu Watanabe2023-08-091-1/+0
| | | | | | | | | | | | | | This reverts commit 31845ef554877525dc4ff4f25ad11ad805ebf81c. systemd-tmpfiles-setup-dev.service has Before=systemd-udevd.service. So the commit does not change anything.
* | meson: use install_emptydir() and drop meson-make-symlink.shYu Watanabe2023-08-082-57/+16
| | | | | | | | | | | | The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'. Let's replace it with install_emptydir() builtin function and inline meson call.
* | units/initrd-parse-etc.service: Conflict with emergency.targetFabian Vogt2023-08-081-0/+2
|/ | | | | | | | | | | | | If emergency.target is started while initrd-parse-etc.service/start is queued, the initrd-parse-etc job did not get canceled. In parallel to the emergency units, it eventually runs the service, which starts initrd-cleanup.service, which in turn isolates initrd-switch-root.target. This stops the emergency units and effectively starts the initrd boot process again, which likely fails again like the initial attempt. The system is thus stuck in an endless loop, never really reaching emergency.target. With this conflict added, starting emergency.target automatically cancels initrd-parse-etc.service/start, avoiding the loop.
* unit: make udev rules take precesence over tmpfilesYu Watanabe2023-08-041-0/+1
| | | | | | | | | | Without this change, there are no ordering between udevd and tmpfiles, and if tmpfiles is invoked later it may discard the permission set by udevd. Fixes an issue introduced by b42482af904ae0b94a6e4501ec595448f0ba1c06. Fixes #28588 and #28653.
* Revert "units: Import all repart credentials in systemd-repart.service"Daan De Meyer2023-08-011-1/+0
| | | | This reverts commit ed6b99dbf121f8ad3e68a1eb8e2fff4d4bdf3066.
* units: Import all repart credentials in systemd-repart.serviceDaan De Meyer2023-08-011-0/+1
|
* Drop split-usr and unmerged-usr supportLuca Boccassi2023-07-2865-76/+76
| | | | | | | | | | As previously announced, execute order 66: https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html The meson options split-usr, rootlibdir and rootprefix become no-ops that print a warning if they are set to anything other than the default values. We can remove them in a future release.
* units: Load agetty credentials in all getty unitsDaan De Meyer2023-07-274-0/+8
| | | | | | In it's latest release, agetty will support reading the agetty.autologin and login.noauth credentials, so let's make sure we import those in our getty units so they're available to agetty to read.
* units: Add --graceful flag to pcrphase unitsDaan De Meyer2023-07-173-3/+3
| | | | | | | Some of the new units using systemd-pcrphase are missing the --graceful flag which causes them to error if the tpm libraries are not installed. Add --graceful just like in the other pcrphase units to make systemd-pcrphase exit gracefully if the tpm libraries are missing.
* Merge pull request #27867 from keszybz/vconsole-reload-againLuca Boccassi2023-07-152-2/+15
|\ | | | | Restore ordering between vconsole-setup and firstboot services
| * units/systemd-vconsole-setup: suppress error when service is restartedZbigniew Jędrzejewski-Szmek2023-07-131-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The service has Type=oneshot, which means that the default value of SuccessExitStatus=0. When multiple vtcon devices are detected, udev will restart the service after each one. If this happens quickly enough, the old instance will get SIGTERM while it is still running: [ 5.357341] (udev-worker)[593]: vtcon1: /usr/lib/udev/rules.d/90-vconsole.rules:12 RUN '/usr/bin/systemctl --no-block restart systemd-vconsole-setup.service [ 5.357439] (udev-worker)[593]: vtcon1: Running command "/usr/bin/systemctl --no-block restart systemd-vconsole-setup.service" [ 5.357485] (udev-worker)[593]: vtcon1: Starting '/usr/bin/systemctl --no-block restart systemd-vconsole-setup.service' [ 5.357537] (udev-worker)[609]: vtcon0: /usr/lib/udev/rules.d/90-vconsole.rules:12 RUN '/usr/bin/systemctl --no-block restart systemd-vconsole-setup.service [ 5.357587] (udev-worker)[609]: vtcon0: Running command "/usr/bin/systemctl --no-block restart systemd-vconsole-setup.service" [ 5.357634] (udev-worker)[609]: vtcon0: Starting '/usr/bin/systemctl --no-block restart systemd-vconsole-setup.service' ... [ 5.680529] systemd[1]: systemd-vconsole-setup.service: Trying to enqueue job systemd-vconsole-setup.service/restart/replace [ 5.680565] systemd[1]: systemd-vconsole-setup.service: Merged into running job, re-running: systemd-vconsole-setup.service/restart as 557 [ 5.680600] systemd[1]: systemd-vconsole-setup.service: Enqueued job systemd-vconsole-setup.service/restart as 557 ... [ 5.682334] systemd[1]: Received SIGCHLD from PID 744 ((le-setup)). [ 5.682377] systemd[1]: Child 744 ((le-setup)) died (code=killed, status=15/TERM) [ 5.682407] systemd[1]: systemd-vconsole-setup.service: Child 744 belongs to systemd-vconsole-setup.service. [ 5.682436] systemd[1]: systemd-vconsole-setup.service: Main process exited, code=killed, status=15/TERM [ 5.682471] systemd[1]: systemd-vconsole-setup.service: Failed with result 'signal'. [ 5.682518] systemd[1]: systemd-vconsole-setup.service: Service will not restart (manual stop) [ 5.682552] systemd[1]: systemd-vconsole-setup.service: Changed stop-sigterm -> failed This is expected and not a problem. Let's treat SIGTERM as success so we don't get this spurious "failure".
| * units/systemd-firstboot: start the service after systemd-vconsole-setup.serviceZbigniew Jędrzejewski-Szmek2023-07-121-1/+8
| | | | | | | | | | | | | | This way, we don't start user interaction before (or while) the configured fonts are loading. Tweak the comments a bit while at it.
| * units/systemd-vconsole-setup.service: improve titleZbigniew Jędrzejewski-Szmek2023-07-121-1/+1
| | | | | | | | | | | | "Setup" is a noun, and the expected order is "<adjective> <noun>". ("Set up" is the verb. But we want a noun here, so that we can say e.g. "Starting Virtual Console Setup".)
* | battery-check: allow to skip by passing systemd.battery-check=0Yu Watanabe2023-07-141-0/+1
|/
* unit: also condition out systemd-backlight in initrdYu Watanabe2023-07-051-0/+2
| | | | | | | Follow-up for 9173d31dfea5c2b05ff08480972c499cb7aac940. The systemd-backlight@.service also save/restore state but the data is in /var/.
* units: condition out a few services in the initrdLennart Poettering2023-07-055-0/+7
| | | | | | | | | | | | | | | | Let's make our units more robust to being added to an initrd: 1. systemd-boot-update only makes sense if sd-boot is available in /usr/ to copy into the ESP. This is generally not the case in initrds, and even if it was, we shouldn't update the ESP from the initrd, but from the host instead. 2. The rfkill services save/restore rfkill state, but that information is only available once /var/ is mounted, which generally happens after the initrd transition. 3. utmp management is partly in /var/, and legacy anyway, hence don't bother with it in the initrd.
* units: skip systemd-battery-check in environments where it doesn't make senseLennart Poettering2023-07-031-1/+3
| | | | | | Let's condition the service so that it doesn't run where we aren't directly run on baremetal, or where no power sources are discovered at all.
* battery-check: rework unitLennart Poettering2023-06-302-3/+5
| | | | | | | | | | | | | | Let's rename the unit to systemd-battery-check.service. We usually want to name our own unit files like our tools they wrap, in particular if they are entirely defined by us (i.e. not just wrappers of foreign concepts) While we are at it, also hook this in from initrd.target, and order it against initrd-root-device.target so that it runs before the root device is possibly written to (i.e. mounted or fsck'ed). This is heavily inspired by @aafeijoo-suse's PR #28208, but quite different ;-)
* battery-check: several follow-upsYu Watanabe2023-06-291-1/+1
| | | | | | | | | | | | | | | | | | Follow-ups for e3d4148d50909119c4e9327e6ad96d3ca7f4661a. - add reference to initrd-battery-check.service in man page, and move its section from 1 to 8, - add link to man page in help message, - introduce ERRNO_IS_NO_PLYMOUTH(), - propagate error in battery_check_send_plymouth_message(), - rename battery_check_send_plymouth_message() -> plymouth_send_message(), - return earlier when the first battery level check passed to reduce indentation, - fix potential use of invalid fd on battery restored, - do not use emoji for /dev/console, - add simple test (mostly for coverity), etc, etc...
* PID1: detect battery level in initrd and if low refuse continuing to boot, ↵OMOJOLA JOSHUA2023-06-282-0/+25
| | | | print message and shut down.
* hibernate-resume: rework to follow the logic of sleep.c and useMike Yuan2023-06-232-26/+0
| | | | | | main-func.h Preparation for #27247
* tree-wide: use https for the 0pointer.de doc linksFrantisek Sumsal2023-06-234-4/+4
|
* meson: merge two similar loops for unit filesYu Watanabe2023-06-221-306/+660
| | | | | | | | This also merges two arrays units and in_units, and uses dictionary for declaring units. This also fixes the condition handling, that previously only two conditions were handled and rests were ignored.
* units: Use built-in halt and kexec features instead of systemctlDaan De Meyer2023-06-222-8/+2
|
* units: Use ImportCredential= where applicableDaan De Meyer2023-06-088-26/+19
|
* units: change TimeoutSec=0 to TimeoutSec=infinityLennart Poettering2023-06-066-6/+6
| | | | | | | Follow-up for #27936 Let's also update a bunch of static unit files, matching what we just did for the generators.
* pid1: add "soft-reboot" reboot methodLennart Poettering2023-06-023-0/+36
| | | | | | | | | | | | | | | This adds a new mechanism for rebooting, a form of "userspace reboot" hereby dubbed "soft-reboot". It will stop all services as in a usual shutdown, possibly transition into a new root fs and then issue a fresh initial transaction. The kernel is not replaced. File descriptors can be passed over, thus opening the door for leaving certain resources around between such reboots. Usecase: this is an extremely quick way to reset userspace fully when updating image based systems, without going through a full hardware/firmware/boot loader/kernel/initrd cycle. It minimizes "grayout time" for OS updates. (In particular when combined with kernel live patching)
* units: don't stop blockdev@.target unit at shutdownLennart Poettering2023-06-011-0/+1
| | | | | | | | | | | We want that cryptsetup/veritysetup devices can stick around until the very end, as well as the users of them which might depend on blockdev@.target for the devices. Hence leave the targets around till the very end. Note that their runtime is managed via StopWhenUnneeded= anyway, hence unless their are volumes that actually survive still the very end they target units will still be stopped.
* units: set DefaultDependencies=no for veritysetup sliceLennart Poettering2023-06-013-1/+15
| | | | | | | | | | | This mimics what we already have for cryptsetup services: the slice they are placed in (they have their own slice since that's what we do by default for instantiated services) shouldn't conflict with shutdown.target, so that veritysetup services can stay around until the very end (which is what we want for the root and usr verity volumes). It's literally just a copy of the same unit we already have for cryptsetup, just with an updated description string.
* units: pull in local-fs-pre.target from systemd-tmpfiles-setup-dev.serviceZbigniew Jędrzejewski-Szmek2023-05-311-0/+1
| | | | | | | | | local-fs-pre.target is a passive unit, which means that it is supposed to be pulled in by everything that is ordered before it. We had Before=local-fs-pre.target, so add Wants= too. I don't expect this to change anything. Instead, just make things follow the docs so it's easier to reason about the dependency set.
* Merge pull request #27787 from keszybz/firstboot-synchronous-restartMike Yuan2023-05-261-2/+2
|\ | | | | firstboot: make restart of vconsole-setup synchronuous
| * units: order systemd-firstboot after systemd-tmpfiles-setupZbigniew Jędrzejewski-Szmek2023-05-261-1/+1
| | | | | | | | | | | | | | | | | | We may copy files from factory to /etc. The default mkosi config has factory/etc/vconsole.conf. systemd-firstboot would race with tmpfiles-setup, and sometimes ask for the keymap, and sometimes not. I guess that if there are files in factory, we shouldn't ask the user for the same configuration.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 04:13:22 +0100