The idea is to make it easy to generate all the signing key and certs
that can be used for local signing. The verb is the modeled after
'mkosi genkey', but there are some important differences: we generate
the keys to the paths where they will be read from, both pcr signing
keys and the SecureBoot certificate+key.
If any of the outputs exist, operation is refused. Maybe we could add a
--force option in the future, but this operation should be rare, so I think
it's better to refuse to overwrite anything initially.
I'm only doing a token man page change here.
https://github.com/systemd/systemd/pull/27621 reworks the man page,
and the changes done here would conflict heavily with that work. I'll
submit a follow-up patch later.
tree-wide: when in doubt use greek small letter mu rather than micro symbol
Doesn't really matter since the two unicode symbols are supposedly
equivalent, but let's better follow the unicode recommendations to
prefer greek small letter mu, as per:
time-util,socket: accept both kinds of unicode µ symbols
Apparently there are two µ symbols, accept both when parsing.
One is the greek small letter mu (μ) the other is the micro sign (µ).
Unicode recommendation considers both equivalent, and says use of greek
small letter mu is preferred. See:
Yu Watanabe [Fri, 13 Jan 2023 04:25:43 +0000 (13:25 +0900)]
udev-node: optimize device node symlink creation
If multiple devices requested the same device node symlink with the same
priority, then previously we read O(N^2) of files saved in
/run/udev/links.
This makes if the requested symlink already exists with equal or higher
priority, then the symlink is kept, and skip to read all existing files,
except for one related to the current device node, in /run/udev/links.
Hence, the total amount of file read becomes O(N).
This improves performance of testcase_simultaneous_events_2 added by the
previous commit about 30%.
Before (32.8 sec):
```
## 3 iterations start: 11:13:44.690953163
## 3 iterations end: 11:14:17.493974927
```
After (23.8 sec):
```
## 3 iterations start: 11:17:53.869938387
## 3 iterations end: 11:18:17.624268345
```
This is based on the idea and analysis by Franck Bui.
Daan De Meyer [Tue, 13 Jun 2023 13:52:03 +0000 (15:52 +0200)]
repart: Store dm_name in DecryptedPartitionTarget
This means we don't have to do a fallible allocation in the
DecryptedPartitionTarget destructor. Also use log_warning_error_errno()
for the failure we ignore in the destructor.
Daan De Meyer [Thu, 8 Jun 2023 15:50:05 +0000 (17:50 +0200)]
mkosi: Remove explicit /testok check
vsock should work properly after the latest release of mkosi. But
to make sure it works, let's exit with 123 in case of success and
check for that in Github Actions.
Daan De Meyer [Tue, 13 Jun 2023 08:26:00 +0000 (10:26 +0200)]
sd-daemon: Add vsock fallback to SOCK_STREAM
SOCK_SEQPACKET is only supported on recent kernels. Let's add a
fallback to SOCK_STREAM if it is not supported.
To accomodate SOCK_STREAM, we also modify
pid_notify_with_fds_internal() to do sendmsg() in a loop as with
SOCK_STREAM, sendmsg() is not guaranteed to write all data in a single
syscall or fail otherwise.
test: merge TEST-61-UNITTESTS-QEMU with TEST-02-UNITTESTS
The test was originally introduced for Ubuntu CI, as it uses
PREFER_NSPAWN=1, but it was subsequently disabled two years ago [0], so
it was pretty much useless. Let's merge it into TEST-02 and tweak it a
bit to run only certain tests under QEMU when $TEST_PREFER_NSPAWN is
set.
Frantisek Sumsal [Mon, 12 Jun 2023 19:05:30 +0000 (21:05 +0200)]
proc-cmdline: parse the whole /proc/cmdline
The kernel command line may contain newlines which kernel happily
accepts, but we'd ignore everything past the first newline. Let's fix
that by replacing read_one_line_file() with read_full_file().
tmpfile-util: turn last parameter of link_tmpfile() into a proper flags
This changes a boolean param into a proper bitflag field.
Given this only defines a single flag for now this doesn't look like
much of an improvement. But we'll add another flag shortly, where it
starts to make more sense.
resolved: add DumpCache varlink call for acquiring a complete dump of all of resolved's RR caches
This adds a simple varlink call io.systemd.Resolve.Monitor.DumpCache to
the existing io.systemd.Resolve.Monitor service. It compiles a JSON
object containing the per-scope cache entries and returns it.
Jan Janssen [Mon, 12 Jun 2023 13:12:05 +0000 (15:12 +0200)]
boot: Unify protocol opening
We are using HandleProtocol everywhere except in these few cases. This
unifies on HandleProtocol as it is simpler to use and equivalent to
OpenProtocol.
The only difference between the two is that OpenProtocol attributes the
opened protocol to a firmware-owned handle instead of our image handle.
This has no real use for regular UEFI applications as any protocols
opened via BY_HANDLE or GET_PROTOCOL is not required to be closed. In
fact, when a protocol is uninstalled it will do nothing more than reduce
the open count for these.
This is identical to json_dispatch_variant() but doesn't increase the
ref counter of the variant. This is useful for taking JSON objects apart
locally without the intention to keep any component pinned for longer
than the local stack frame.
This simplifies the logic: finalize_options() is the step that does the
checks and the mangling. The checks for consistency are done in more places,
so we need to pass a verb (we only have 'build', but once we add other verbs,
any would do).
This changes the generated config.h file thusly:
-#define _GNU_SOURCE
+#define _GNU_SOURCE 1
Canonically, _GNU_SOURCE is just defined, without any value, but g++ defines
_GNU_SOURCE implicitly [1]. This causes a warning about a redefinition during
complilation of C++ programs after '-include config.h'. Our config attempts to
inject this (and a bunch of other arguments) into all compliations. But before
meson 0.54, flags for dependencies were not propagated correctly (*), and the C++
compilation was done without various flags (**). Once that was fixed, we started
getting a warning.
[1] http://gcc.gnu.org/onlinedocs/libstdc++/faq.html#faq.predefined
(*) Actually, the changelog doesn't say anything. But it mentions various work
related to dependency propagation, and apparently this changes as a side
effect.
(**) -fno-strict-aliasing
-fstrict-flex-arrays=1
-fvisibility=hidden
-fno-omit-frame-pointer
-include config.h
This could be solved in various ways, but it'd require either making the
compilation command line longer, which we want to avoid for readability of the
build logs, or splitting the logic to define the args for C++ progs separately,
which would make our meson.build files more complicated. Changing the
definition to '1' also solves the issue (because apparently now we match the
implicit definition), and shouldn't have other effects. I checked compilation
with gcc and clang. Maybe on other systems this could cause problems. We can
revisit if people report issues.
The current start + stop timeouts for xdg autostart files are *very*
short with 5s. On a busy system this might be too easy to hit even in
unintended case.
Apparently, the intention here was to cut the shutdown logic short.
(https://github.com/systemd/systemd/issues/27919#issuecomment-1580576178)
Let's hence stick to the very short timeout for that (under the
assumption that apps are written in a safe enough style to not lose data
if killed too early). But for starting XGD autostrat services, use our
regular timeouts.
Alfred Klomp [Thu, 8 Jun 2023 11:26:24 +0000 (13:26 +0200)]
integritysetup: support mode=(journal|bitmap|direct)
Add a parameter to the integritytab file to set the mode in which to
open the integrity volume. The mode can be journaled (the default),
bitmap without a journal, or direct mode without a journal or a bitmap.
This change removes the `no-journal' option because it is redundant,
being replaced with `mode=direct'.
Supercedes commit bcc1ee56c, from a week ago, which implemented
`no-journal'.
Daan De Meyer [Fri, 13 Jan 2023 15:22:46 +0000 (16:22 +0100)]
creds: Add ImportCredential=
ImportCredential= takes a credential name and searches for a matching
credential in all the credential stores we know about it. It supports
globs which are expanded so that all matching credentials are loaded.
Dan Streetman [Fri, 17 Feb 2023 17:59:18 +0000 (12:59 -0500)]
tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template()
Add functions to get either the 'legacy' or standard SRK template, for RSA or
ECC. The 'legacy' templates are those used with earlier code, where a transient
key was created to use for tpm sealing; the standard SRK is the persistent
shared key as defined in TCG guidance docs.
This also replaces tpm2_get_primary_template() with the new functions; that
function's use of flags is confusing and unnecessary.
Add tpm2_get_capability_handle() to query if a "TPM handle" (meaning, a
location/address in TPM storage) is populated in the TPM, and
tpm2_get_capability_handles() to query for a specific number of handles.
Add tpm2_esys_handle_from_tpm_handle() to create an "esys handle" (an opaque
reference for use with the TPM EAPI that represents a TPM handle address) for an
existing TPM handle.
Since the TPM handle already exists in the TPM, this also also requires
updating the cleanup code for Tpm2Handle objects to close the object (free its
resources only from the EAPI code, but leave the handle in the TPM) instead of
flush the object (which frees its EAPI resources and removes it from the TPM).