Also, address https://github.com/systemd/systemd/pull/24252#issuecomment-1208747320
by using a pre-defined e-mail address stored in the GH Action secrets.
exploide [Wed, 10 Aug 2022 15:35:21 +0000 (17:35 +0200)]
resolvctl: only remove protocol after last dot when mangling ifname for resolvconf
ifname_resolvconf_mangle is supposed to remove protocol suffixes like .dhcp
from interface names. But this also removed valid parts of the ifname like
VLAN IDs, e.g. enp2s0u4.72.dhcp -> enp2s0u4 instead of enp2s0u4.72.
After this change, everything behind the last dot is removed instead of the first.
Daan De Meyer [Tue, 9 Aug 2022 18:31:29 +0000 (20:31 +0200)]
mkosi: Don't use InstallDirectory by default
While this provides some marginal speedup, the disadvantage is
that files are never removed when doing cached builds, which can
sometimes lead to hard to debug issues. So let's not do this by
default.
hwdb: Add Greaseweazle "drives" to the list of analyzers
They're floppy disk flux readers and writers used in digital
preservation and can be broadly considered to be "analyzers" of magnetic
fluxes.
This will have the intended side-effect of giving access to the device
to users at the console, obsoleting:
https://github.com/keirf/greaseweazle/blob/master/scripts/49-greaseweazle.rules
Luca BRUNO [Mon, 8 Aug 2022 15:56:06 +0000 (15:56 +0000)]
sysusers: properly process user entries with an explicit GID
This tweaks user creation logic to properly take into consideration
an explicitly requested GID.
It fixes a bug where the creation flow would mistakenly fall back
to use the username instead, resulting in wrong lookups in case of
users and groups using the same name.
Luca BRUNO [Mon, 8 Aug 2022 15:52:33 +0000 (15:52 +0000)]
sysusers: only check whether the requested GID is available
This relaxes the availability check when creating a group, if an
explicit GID has been requested.
It avoids mixing up users and groups entries with valid and unique
UIDs/GIDs, but each having the same ID number.
Yu Watanabe [Mon, 8 Aug 2022 13:03:35 +0000 (22:03 +0900)]
sd-device-enumerator,monitor: fix sysattr match
Previously, if sd_device_enumerator_add_match_sysattr() is called for
the same sysattr with different values, then no device passed the filter.
Now, the accepted values (or patterns) are stored in strv, and if the
sysattr value of a device matches with the strv, then the device passes
the filter.
undef [Sat, 6 Aug 2022 05:47:03 +0000 (05:47 +0000)]
shared/generator: Ensure growfs unit runs after repart
When deploying an image using systemd-repart and systemd-growfs one
should have the image expanded entirely and ready to use after the first
boot. This ensures that growfs does not occur before repart, thus
requiring a second boot.
In sd-netlink, we use 'type' for naming many variables with different types,
and worst of all, functions like `type_get_type()` exist. That makes the
code hard to understand.
Let's rename
- NLType -> NLAPolicy
- NLTypeSystem -> NLAPolicySet
- NLTypeSystemUnion -> NLAPolicySetUnion
- type_get_type() -> policy_get_type()
- type_get_type_system() -> policy_get_policy_set(), and so on.
This also changes the type of attribute taken by e.g.
`sd_netlink_message_append_string()` from `unsigned short` -> `uint16_t`
to make the variable size clearer.
David Rheinsberg [Wed, 29 Jun 2022 11:37:40 +0000 (13:37 +0200)]
bus: use inline trace argument for ANONYMOUS auth
Rather than using a separate DATA round to transmit the trace-string of
the ANONYMOUS authentication scheme, transmit it inline as argument.
This requires a refactor of the client-side SASL parser, as we now have
a different set of replies depending on the mode used.
This fixes an issue where libdbus-1 does not query for trace-strings if
not transmitted inline as AUTH-ANONYMOUS argument. It is unclear from the
wording of the spec whether this is a violation by libdbus-1. However,
we can work around it by simply changing our mode of transmittal.
So far the --help text and the man page of journalctl were mostly a large
pile of options shown next to each other. Let's add some basic
structure, and group switches by sections such as "Filtering Options",
"Output Options" and so on.
Do this the same way in the --help text and in the man page.
Since this moves everything around anyway, I also opted to rebreak all
paragraphs in the man page. This makes the patch larger than necessary,
but given that this whole patch doesn't really change contents besides
section titles I figured this would be OK.
When multiple devices have the same devlink, then
adding/updating/removing one of the devices may cause a syspath change.
Fixes the following issue in
https://github.com/systemd/systemd/issues/23208#issue-1217909746
> the above shows an inconsistency between udev's and systemd's handling
> of the two different devices having the same alias. While udev replaces
> the by-uuid symlink which now points to sdh1 rather than sdd1, systemd
> keeps the previous mapping to sdd1 and emits a warning. This is not the
> problem cause but worth mentioning.
network: also check SR-IOV PF port and other VF ports before configuring
When a PF port becomes down (this can happen e.g. when the PF port is joining
a bond interface), some drivers make its VF ports also become down, and
may cause failures in configuring VF ports.
Similarly, when a VF port becomes down, some drivers make its PF port and
other VF ports down.
Let's configure SR-IOV ports (both PF and VFs) after all link-layer
settings of all ports have been applied.
Jonas Witschel [Wed, 25 May 2022 12:06:44 +0000 (14:06 +0200)]
cryptsetup: test unlocking using a TPM2 LUKS2 token plugin with a PIN
Test the functionality implemented in the previous commit ("cryptsetup: ask for
PIN when trying to activate using a LUKS2 token plugin"): when "tpm2-device" is
not specified, systemd-cryptsetup calls crypt_activate_by_token_pin() to try to
unlock using a LUKS2 token plugin, test whether this is able to obtain the
provided PIN.
Jonas Witschel [Wed, 25 May 2022 12:06:12 +0000 (14:06 +0200)]
cryptsetup: ask for PIN when trying to activate using a LUKS2 token plugin
crypt_activate_by_token() fails with ENOANO if the token is protected with a
PIN, in this case we need to call crypt_activate_by_token_pin() with a PIN.
This logic is already implemented in
crypt_activate_by_token_pin_ask_password().
This code path is relevant when using systemd-gpt-auto-generator because there
is no a priori information about the type of the used security device, so
systemd-cryptsetup tries to unlock the volume using the corresponding
cryptsetup plugin.
Jonas Witschel [Fri, 5 Aug 2022 09:11:54 +0000 (11:11 +0200)]
cryptsetup-token-systemd-fido2: use crypt_normalize_pin
Use the helper function introduced in the previous commit ("cryptsetup:
implement cryptsetup_token_open_pin for systemd-tpm2 LUKS2 token") for
cryptsetup-token-systemd-tpm2.