Jin Liu [Tue, 31 Oct 2023 04:48:24 +0000 (12:48 +0800)]
New PAM module: pam_systemd_loadkey
This module reads password from kernel keyring and sets it as PAM authtok.
It's inspired by gdm's pam_gdm, which reads the LUKS password stored by
systemd-cryptsetup, so Gnome Keyring can be automatically unlocked if set
to the same password (when autologin is enabled so the user doesn't enter
a password in gdm).
secure-boot: print just before cold-resetting to help diagnose hangs
When testing the secureboot enroll feature, it can be hard to distinguish without
using the QMP API of QEMU whether we are in a hang situation of the UEFI firmware.
Making it clear that we reached the `ResetSystem` can be helpful towards that need.
Both sleep_mode_supported and write_mode support this,
but parse_sleep_config currently prohibits this - it always
uses our default value if user specifies HibernateMode=<empty>.
Luca Boccassi [Fri, 27 Oct 2023 15:33:49 +0000 (16:33 +0100)]
exec-invoke: don't double-close FDs on error
When a late error occurs in sd-executor, the cleanup-on-close of the
context structs happen, but at that time all FDs might have already
been closed via close_all_fds(), so a double-close happens. This
can be seen when DynamicUser is enabled, with a non-existing
WorkingDirectory.
Invalidate the FDs in the context structs if close_all_fds succeeds.
Daan De Meyer [Sat, 28 Oct 2023 08:37:16 +0000 (10:37 +0200)]
mkosi: Use cache and build subdirectories
Next release of mkosi will not use subdirectories under the cache
and build directory by default anymore, so let's make sure we already
start creating those ourselves.
xinpeng wang [Wed, 25 Oct 2023 03:19:58 +0000 (11:19 +0800)]
logind: fix abnormal switching causing the screen to go black
After logind receives the SIGRTMIN signal from the kernel, it will execute
manager_vt_switch---session_leave_vt---session_device_pause_all,The device
permissions of the session are removed here;under normal circumstances, the
tty value read from /sys/class/tty/tty0/active changes and switchesto a new
session,give the new session resume device permissions.
But under abnormal circumstances (such as switching quickly on a device using
wayland; and sometimes the kernel will suddenly send a SIGRTMIN signal, but
nothing changes),In these cases, logind does not give session resume device
permission, causing the device to have a black screen and suspended animation.
Michal Sekletar [Wed, 25 Oct 2023 11:17:18 +0000 (13:17 +0200)]
fstab-generator: drop nofail and noauto options for critical mounts
Setting nofail for /usr mount doesn't make sense because without /usr we
can't really boot. However, having the flag set might cause races in
initrd where we could try to switchroot into rootfs before /usr is
actually mounted. Let's just ignore it so that we always have proper
mount unit ordering for /sysroot/usr mount.
Ronan Pigott [Tue, 24 Oct 2023 18:01:32 +0000 (11:01 -0700)]
network: implement RFC4039 DHCP Rapid Commit
This implements the DHCPv4 equivalent of the DHCPv6 Rapid Commit option,
enabling a lease to be selected in an accelerated 2-message exchange
instead of the typical 4-message exchange.
Luca Boccassi [Thu, 26 Oct 2023 13:56:58 +0000 (14:56 +0100)]
core: do not post-process skipped mounts
When a mount is gracefully skipped (e.g.: BindReadOnlyPaths=-/nonexistent)
we still post-process it, like making it read-only. Except if nothing
has been mounted, the mount point will be made read-only for no reason.
Track when mounts are skipped and avoid post-processing.
One day we'll switch all of this to the new mount api and do these
operations atomically or not at all.
test-fstab-generator: skip test impacted by /mnt symlink
On rpm-ostree distributions such as Fedora SilverBlue /mnt
(and other well known paths) will be a symlink to a location
under /var. The fstab generator emits correct output in this
case, however, the data does not match the expected output
stored in the source tree.
Rather than trying to adapt the test data, just skip this
single test scenario when we see /mnt is a symlink.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
test-systemd-tmpfiles: skip when /tmp has unexpected ownership
The systemd-tmpfiles binary will report a fatal error if /tmp is not owned
either by root, or by the current user:
Detected unsafe path transition /tmp (owned by nobody) →
/tmp/test-systemd-tmpfiles.a8qc6n18 (owned by berrange)
during canonicalization of
tmp/test-systemd-tmpfiles.a8qc6n18/test-content.7chd7rdi
When doing development inside a 'toolbox' container (which is required
on a Fedora SilverBlue distro), /tmp is owned by 'nobody', because it
has been passed through from the host and host UID 0 gets mapped to
UID 65536 by usernamespaces. This triggers the unsafe path transition
error message.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
test-blockdev-util: avoid abort when /home is a symlink
On rpm-ostree distributions like Fedora SilverBlue /home (and various
other well known locations) are symlinks to somewhere beneath /var.
The path_is_encrypted() method uses O_NOFOLLOW and as a result will
return ELOOP on /home. This causes test-blockdev-util to abort.
Add ELOOP to the ignorable set of errnos for testing.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
cgroup-show: rework cgroup tree display to operate by fd only
This restores display of the "delegate" flag of a cgroup. Previously we
erroneously passed a full fs path where a cgroup path was expected (the
difference being the /sys/fs/cgroup/ prefix), which meant we never read
the xattr properly. Let's fix that by simply operating by fd on the
cgroup and using it for all operations.
Frantisek Sumsal [Wed, 25 Oct 2023 15:40:05 +0000 (17:40 +0200)]
test: make the TPM event log checking a bit more robust
Don't hardcode the event number, so the test works correctly even if
someone wrote to the event log before us. Also, explicitly pick the
sha256 bank when checking digests, as the indexing may vary depending on
current TPM's capabilities.
Daan De Meyer [Wed, 25 Oct 2023 14:48:35 +0000 (16:48 +0200)]
meson: Always build systemd-measure
Same idea as with bootctl, we might be doing image builds from a
system that doesn't boot with UEFI but we still might want to measure
stuff for the image we're building so let's not gate this behind
ENABLE_BOOTLOADER.
Daan De Meyer [Wed, 25 Oct 2023 14:45:06 +0000 (16:45 +0200)]
meson: Always build bootctl
bootctl is rather useful to have, even if on a system without UEFI,
as it has a number of verbs that are unrelated to UEFI (e.g kernel-identify),
and more importantly, it supports --root to operate on directory trees
(which could be intended to be deployed on UEFI) so let's make sure we
always build it.
cryptenroll: validate positional arguments before looking at detail parameters
Let's switch the order in which we process positional arguments and
analyze/tweak detail parameters. Let's look at the positional arguments
first (i.e. the "big picture") and then look at the switches (i.e.
"little details").
THis doesn't matter much, but makes for better error messages I think.
At least I was very confused that a completely borked cmdline I passed
to cryptenrolled complained about some detail and let the major fuckup
pass...