to sign UKIs and their PCR data with.
* ukify now accepts SBAT information to place in the .sbat PE section
- of UKIs and addons. If an UKI is built the SBAT information from the
+ of UKIs and addons. If a UKI is built the SBAT information from the
inner kernel is merged with any SBAT information associated with
systemd-stub and the SBAT data specified on the ukify command line.
of the same name.
* A new kernel-install plugin 60-ukify has been added which will
- combine kernel/initrd locally into an UKI and optionally sign them
+ combine kernel/initrd locally into a UKI and optionally sign them
with a local key. This may be used to switch to UKI mode even on
systems where a local kernel or initrd is used. (Typically UKIs are
built and signed by the vendor.)
* A new ConditionFirmware= setting has been added to unit files to
conditionalize on certain firmware features. At the moment it may
- check whether running on an UEFI system, a device.tree system, or if
+ check whether running on a UEFI system, a device.tree system, or if
the system is compatible with some specified device-tree feature.
* A new ConditionOSRelease= setting has been added to unit files to
implementations.
* journalctl will now include a clickable link in the default output for
- each log message for which an URL with further documentation is
+ each log message for which a URL with further documentation is
known. This is only supported on terminal emulators that support
clickable hyperlinks, and is turned off if a pager is used (since
"less" still doesn't support hyperlinks,
triggering automatic unmounting when devices become
unavailable. With this in place systemd will now
automatically unmount left-over mounts when a CD-ROM is
- ejected or an USB stick is yanked from the system.
+ ejected or a USB stick is yanked from the system.
* networkd-wait-online now has support for waiting for
specific interfaces only (with globbing), and for giving up
* maybe add a new UEFI stub binary "sd-http". It works similar to sd-stub, but
all it does is download a file from a http server, and execute it, after
optionally checking its hash sum. idea would be: combine this "sd-http" stub
- binary with some minimal info about an URL + hash sum, plus .osrel data, and
+ binary with some minimal info about a URL + hash sum, plus .osrel data, and
drop it into the unified kernel dir in the ESP. And bam you have something
that is tiny, feels a lot like a unified kernel, but all it does is chainload
the real kernel. benefit: downloading these stubs would be tiny and quick,
* maybe add a generator that reads /proc/cmdline, looks for
systemd.pull-raw-portable=, systemd-pull-raw-sysext= and similar switches
- that take an URL as parameter. It then generates service units for
+ that take a URL as parameter. It then generates service units for
systemd-pull calls that download these URLs if not installed yet. usecase:
invoke a VM or nspawn container in a way it automatically deploys/runs these
images as OS payloads. i.e. have a generic OS image you can point to any
file can be directly `dd`'ed onto it; the format is unchanged. The GPT envelope
should ensure the image is properly recognizable as a home directory both when
used in a loopback file and on a removable USB stick. (Note that when mounting
-a home directory from an USB stick, it too defaults to a directory in `/home/`,
+a home directory from a USB stick, it too defaults to a directory in `/home/`,
named after the username, with no further suffix.)
Rationale for the GPT partition table envelope: this way the image is nicely
database records for all UIDs assigned to a running container from this
range.
-Note for both allocation ranges: when an UID allocation takes place NSS is
+Note for both allocation ranges: when a UID allocation takes place NSS is
checked for collisions first, and a different UID is picked if an entry is
found. Thus, the user database is used as synchronization mechanism to ensure
exclusive ownership of UIDs and UID ranges. To ensure compatibility with other
security and is thus recommended.</para></listitem>
<listitem><para>Similar, but the LUKS2 encrypted file system is located on regular block device, such
- as an USB storage stick. In this mode home directories and all data they include are nicely migratable
+ as a USB storage stick. In this mode home directories and all data they include are nicely migratable
between machines, simply by plugging the USB stick into different systems at different
times.</para></listitem>
<refsect1>
<title>Examples</title>
<example>
- <title>Download an Ubuntu image and open a shell in it</title>
+ <title>Download a Ubuntu image and open a shell in it</title>
<programlisting># machinectl pull-tar https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-root.tar.gz
# systemd-nspawn -M trusty-server-cloudimg-amd64-root</programlisting>
to <function>ImportTar()</function> or <function>ImportRaw()</function> as described above.</para>
<para><function>PullTar()</function> and <function>PullRaw()</function> may be used to download, verify
- and import a system image from a URL. They take an URL argument which should point to a tar or
+ and import a system image from a URL. They take a URL argument which should point to a tar or
raw file on the <literal>http://</literal> or <literal>https://</literal> protocols, possibly
compressed with xz, bzip2 or gzip. The second argument is a local name for the image. It should be
suitable as a hostname, similarly to the matching argument of the <function>ImportTar()</function> and
<literal>=</literal> and a string of options separated by
commas as argument. This will override the options for the
given UUID.</para>
- <para>If only a list of options, without an UUID, is
+ <para>If only a list of options, without a UUID, is
specified, they apply to any UUIDs not specified elsewhere,
and without an entry in
<filename>/etc/crypttab</filename>.</para>
<term><option>-u</option></term>
<term><option>--uuid</option></term>
- <listitem><para>Generate output as an UUID formatted in the "canonical representation", with five
+ <listitem><para>Generate output as a UUID formatted in the "canonical representation", with five
groups of digits separated by hyphens. See the
<ulink url="https://en.wikipedia.org/wiki/Universally_unique_identifier#Format">wikipedia</ulink>
for more discussion.</para></listitem>
<term><varname>DOCUMENTATION=</varname></term>
<listitem>
<para>A documentation URL with further information about the topic of the log message. Tools such
- as <command>journalctl</command> will include a hyperlink to an URL specified this way in their
+ as <command>journalctl</command> will include a hyperlink to a URL specified this way in their
output. Should be an <literal>http://</literal>, <literal>https://</literal>,
<literal>file:/</literal>, <literal>man:</literal> or <literal>info:</literal> URL.</para>
</listitem>
<entry>The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic.</entry></row>
<row><entry><varname>bareudp</varname></entry>
- <entry>Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of an UDP tunnel.</entry></row>
+ <entry>Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of a UDP tunnel.</entry></row>
<row><entry><varname>batadv</varname></entry>
<entry><ulink url="https://www.open-mesh.org/projects/open-mesh/wiki">B.A.T.M.A.N. Advanced</ulink> is a routing protocol for multi-hop mobile ad-hoc networks which operates on layer 2.</entry></row>
return log_oom();
printf("%1$s [OPTIONS...] MESSAGE\n\n"
- "%3$sQuery the user for a system passphrase, via the TTY or an UI agent.%4$s\n\n"
+ "%3$sQuery the user for a system passphrase, via the TTY or a UI agent.%4$s\n\n"
" -h --help Show this help\n"
" --icon=NAME Icon name\n"
" --id=ID Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n"
uint64_t block_device_size;
struct stat st;
- /* Let's place the home directory on a real device, i.e. an USB stick or such */
+ /* Let's place the home directory on a real device, i.e. a USB stick or such */
setup->image_fd = open_image_file(h, ip, &st);
if (setup->image_fd < 0)
goto child_fail;
}
- /* Run the actual copy operation. Note that when an UID shift is set we'll either clamp the UID/GID to
+ /* Run the actual copy operation. Note that when a UID shift is set we'll either clamp the UID/GID to
* 0 or to the actual UID shift depending on the direction we copy. If no UID shift is set we'll copy
* the UID/GIDs as they are. */
if (copy_from)
DNS_SERVER_FEATURE_LEVEL_IS_UDP(s->possible_feature_level) &&
((s->possible_feature_level != DNS_SERVER_FEATURE_LEVEL_DO) || dns_server_get_dnssec_mode(s) != DNSSEC_YES)) {
- /* We lost too many UDP packets in a row, and are on an UDP feature level. If the
+ /* We lost too many UDP packets in a row, and are on a UDP feature level. If the
* packets are lost, maybe the server cannot parse them, hence downgrading sounds
* like a good idea. We might downgrade all the way down to TCP this way.
*
t->dns_udp_event_source = sd_event_source_disable_unref(t->dns_udp_event_source);
- /* If we have an UDP socket where we sent a packet, but never received one, then add it to the socket
+ /* If we have a UDP socket where we sent a packet, but never received one, then add it to the socket
* graveyard, instead of closing it right away. That way it will stick around for a moment longer,
* and the reply we might still get from the server will be eaten up instead of resulting in an ICMP
* port unreachable error message. */
size_t m = utf8_n_codepoints(str);
if (m == SIZE_MAX)
m = strlen(str); /* Not a valid UTF-8 string? If so, let's backspace the number of bytes
- * output. Most likely this happened because we are not in an UTF-8 locale,
+ * output. Most likely this happened because we are not in a UTF-8 locale,
* and in that case that is the correct thing to do. And even if it's not,
* terminals tend to stop backspacing at the leftmost column, hence
* backspacing too much should be mostly OK. */
assert(encoded);
assert(decoded);
- /* Converts an U-label into an A-label */
+ /* Converts a U-label into an A-label */
r = dlopen_idn();
if (r < 0)
size_t w;
int r;
- /* To be invoked after unescaping. Converts an A-label into an U-label. */
+ /* To be invoked after unescaping. Converts an A-label into a U-label. */
assert(encoded);
assert(decoded);
assert(url);
- /* Takes an URL and a pretty string and formats it as clickable link for the terminal. See
+ /* Takes a URL and a pretty string and formats it as clickable link for the terminal. See
* https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda for details. */
if (isempty(text))
QRcode* qr;
int r;
- /* If this is not an UTF-8 system or ANSI colors aren't supported/disabled don't print any QR
+ /* If this is not a UTF-8 system or ANSI colors aren't supported/disabled don't print any QR
* codes */
if (!is_locale_utf8() || !colors_enabled())
return -EOPNOTSUPP;
}
/* Note that we don't validate the path as being absolute or normalized. We'll do that in
- * transfer_read_definition() as we might not know yet whether Path refers to an URL or a file system
+ * transfer_read_definition() as we might not know yet whether Path refers to a URL or a file system
* path. */
rr->path_auto = false;