Charles Lee [Sat, 18 Nov 2023 11:17:27 +0000 (12:17 +0100)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (227 of 227 strings)
Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/main
Charles Lee [Sat, 18 Nov 2023 11:17:27 +0000 (12:17 +0100)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (227 of 227 strings)
Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/main
Luca Boccassi [Fri, 17 Nov 2023 10:31:26 +0000 (10:31 +0000)]
mkosi ci: enable jammy-proposed
This will bring in the fix for rawhide/tumbleweed builds (new libsolv
capable of handling zstd). If all goes well it will migrate to jammy
proper in a week and it can be reverted
Luca Boccassi [Thu, 16 Nov 2023 15:45:20 +0000 (15:45 +0000)]
loop-util: restart loop_configure and reopen FD when O_DIRECT fails
On kernel 5.10.178, when a squashfs file is stored on an EXT4 filesystem
backed by a dm-crypt volume, dissecting fails:
$ SYSTEMD_LOG_LEVEL=debug systemd-dissect /var/foo/bar.raw
Opened '/var/foo/bar.raw' in O_RDONLY access mode, with O_DIRECT enabled.
Couldn't find any partition table to derive sector size of.
loop2: Acquired exclusive lock.
Could not enable direct IO mode, proceeding in buffered IO mode.
Successfully acquired /dev/loop2, devno=7:2, nr=2, diskseq=87
Opened /dev/loop2 (fd=3, whole_block_devnum=7:2, diskseq=87).
Name: bar.raw
Size: 67.2M
Sec. Size: 512
Arch.: n/a
Successfully forked off '(sd-dissect)' as PID 4110.
Mounting /proc/self/fd/3 (squashfs) on /tmp/dissect-Zk3K5F (MS_RDONLY|MS_NODEV "")...
Failed to mount /proc/self/fd/3 (type squashfs) on /tmp/dissect-Zk3K5F (MS_RDONLY|MS_NODEV ""): Input/output error
Failed to mount dissected image: Input/output error
Failed to read /etc/hostname of image: No such file or directory
/etc/machine-id file of image is empty.
Failed to read has-init-system boolean: Input/output error
(sd-dissect) failed with exit status 1.
Failed to acquire image metadata: Input/output error
The kernel shows I/O errors:
kernel: blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
kernel: SQUASHFS error: Failed to read block 0x0: -5
kernel: unable to read squashfs_super_block
This is independent of a particular filesystem and can be reproduced
reliably in my setup, starting from freshly formatted disks.
Instead of continuing when O_DIRECT fails, start over the setup
process without the flag, including opening a new FD, to make the
kernel happy.
Mike Yuan [Tue, 31 Oct 2023 13:08:19 +0000 (21:08 +0800)]
logind: return "no" if sleep operation is disabled
According to org.freedesktop.login1:
> If "na" is returned, the operation is not available because
> hardware, kernel, or drivers do not support it. If "yes" is
> returned, the operation is supported and the user may execute
> the operation without further authentication. If "no" is returned,
> the operation is available but the user is not allowed to execute
> the operation.
Therefore, we should return "no" if sleep is explicitly disabled,
otherwise we return "na".
Yu Watanabe [Wed, 15 Nov 2023 19:37:02 +0000 (04:37 +0900)]
test: several cleanups for test-bus-chat
- use sd_bus_query_sender_creds() to retrieve credentials,
- read credentials only when we get credentials, to avoid triggering
assert_return(),
- downgrade log level of expected failure, and update log message about
unexpected success.
Frantisek Sumsal [Wed, 15 Nov 2023 21:21:16 +0000 (22:21 +0100)]
login: mark the Display property as "emits change"
With the introduction of SetDisplay() method in 4885d7490b2 the Display
property emits a "properties changed" message every time the display is
changed using this method, so mark it appropriately.
When I call 'acpi-update.py' after those changes, the resulting .hwdb files are
the same except for two additions that appeared in the meantime. I don't think
it makes sense to update them again, because the ma-*.txt files changed and we
don't want to store big blobs unnecessarilly.
A non-breaking space is used between "PCR" and the number. I did
search&replace on the whole file, so that when people select&paste
later, they are more likely to use the same format.
Frantisek Sumsal [Wed, 15 Nov 2023 12:56:50 +0000 (13:56 +0100)]
sd-bus: don't treat invalid user/machine as a programming error
$ SYSTEMD_LOG_LEVEL=debug machinectl status --machine=@
Assertion 'r > 0' failed at src/libsystemd/sd-bus/sd-bus.c:1694, function sd_bus_open_system_machine(). Ignoring.
Frantisek Sumsal [Wed, 15 Nov 2023 12:38:02 +0000 (13:38 +0100)]
sd-journal: don't treat invalid match as a programming error
Don't use assert_runtime() when we get an invalid match string, since
that's a runtime error:
$ SYSTEMD_LOG_LEVEL=debug coredumpctl info =
...
Adding match: =
Assertion 'match_is_valid(data, size)' failed at src/libsystemd/sd-journal/sd-journal.c:240, function sd_journal_add_match(). Ignoring.
Failed to add match "=": Invalid argument
gpt-auto-generator: don't eat up errors of generator_enable_remount_fs_service()
I cannot see a reason why we should ignore this error, so let's not. We
use RET_GATHER() on the returns anyway, i.e. collect errors but
continue, so it makes sense to collect this one too.
gpt-auto-generator: drop in_initrd() check in add_partition_root_rw()
This call is never called in the initrd, hence we can drop the extra
check, as it is redundant. Let's keep it as an assert() though, as a
form of code-enforced documentation.
Luca Boccassi [Tue, 14 Nov 2023 21:26:10 +0000 (21:26 +0000)]
Update po files
These are all newline breaks, but some meson tool changed at some
point that causes all of these changes to happen, and they have
started to appear when Weblate sends translations update, making
them very hard to review as they are mostly adding these breaks.
Update all files once and for all so that new translations PRs are
easier to review.
Luca Boccassi [Tue, 14 Nov 2023 20:46:12 +0000 (20:46 +0000)]
hwdb: PNP/ACPI lists on uefi.org are now in CSV format
Adjust the parsing as it's no longer HTML files. Some IDs end with
whitespace, without being quoted, which seems like a mistake as they
weren't before, so strip the ID columns before applying them.
Frantisek Sumsal [Tue, 14 Nov 2023 11:53:51 +0000 (12:53 +0100)]
test: make TEST-06-SELINUX work with the refpolicy and beef it up a bit
Currently the test works only with policy shipped by Fedora, which makes
it pretty much useless in most of our CIs. Let's drop the custom module
and make the test more generic, so it works with the refpolicy as well,
which should allow us to run it on Arch and probably even in Ubuntu CI.
Luca Boccassi [Mon, 13 Nov 2023 19:26:33 +0000 (19:26 +0000)]
selinux: fix loading policy at early boot
First, check for the cached enabled/disabled, as that's what all the
label functions used to do. Then, if initialization is not done yet,
do not cause the label functions to bail out, as it's expected to
happen at early boot.
Among other things, fixes:
systemd[1]: Failed to compute init label, ignoring.
Frantisek Sumsal [Mon, 13 Nov 2023 19:35:29 +0000 (20:35 +0100)]
test: skip --tpm2-device-key= tests with older OpenSSL
--tpm2-device-key= requires OpenSSL >= 3 with KDF-SS, so let's skip the
test if we're running with older OpenSSL.
+ systemd-cryptenroll --tpm2-device-key=/tmp/srk.pub --tpm2-pcrs=12:sha256=F5A5FD42D16A20302798EF6ED309979B43003D2320D9F0E8EA9831A92759FB4B /tmp/systemd-cryptsetup-H8y.IMAGE
Failed to find TPM2 pcrlock policy file 'pcrlock.json': No such file or directory
Allocating context for crypt device /tmp/systemd-cryptsetup-H8y.IMAGE.
Trying to open and read device /tmp/systemd-cryptsetup-H8y.IMAGE with direct-io.
Trying to open device /tmp/systemd-cryptsetup-H8y.IMAGE without direct-io.
Initialising device-mapper backend library.
Trying to load LUKS2 crypt type from device /tmp/systemd-cryptsetup-H8y.IMAGE.
Crypto backend (OpenSSL 1.1.1k FIPS 25 Mar 2021) initialized in cryptsetup library version 2.3.7.
Detected kernel Linux 4.18.0-521.el8.ppc64le ppc64le.
...
Failed to find TPM PCR public key file 'tpm2-pcr-public-key.pem': No such file or directory
Failed to read TPM2 PCR public key, proceeding without: No such file or directory
Can't find symbol Esys_TR_GetTpmHandle: /lib64/libtss2-esys.so.0: undefined symbol: Esys_TR_GetTpmHandle
libtss2-esys too old, does not include Esys_TR_GetTpmHandle.
Can't find symbol Esys_TR_GetTpmHandle: /lib64/libtss2-esys.so.0: undefined symbol: Esys_TR_GetTpmHandle
libtss2-esys too old, does not include Esys_TR_GetTpmHandle.
PolicyPCR calculated digest: 9a1f511fb94f030eb21d0332ef2739727bf0ead4ec26a204d15b09cdeb4b2555
Calculating sealed object.
Calculating encrypted seed for sealed object.
Calculating encrypted seed for ECC sealed object.
Calculating KDFe().
KDF-SS requires openssl >= 3.
Could not calculate KDFe: Operation not supported
Could not calculate encrypted seed: Operation not supported
Failed to seal to TPM2: Operation not supported
storagetm: expose more useful metadata for nvme block devices
don't let the devices to be announced just as model "Linux". Let's instead
propagate the underlying block device's model. Also do something
reasonably smart for the serial and firmware version fields.
David Tardon [Mon, 13 Nov 2023 15:23:37 +0000 (16:23 +0100)]
udev: allow global properties in assignments
Before, handling of global properties (set on systemd-udevd by `udevadm
control -p FOO=foo`) was inconsistent. They were honored in ENV matches,
but not in any assignment. This meant that any use of $env{FOO} (where
FOO was a global property) expanded to an empty string.
projects / thirdparty / systemd.git / log
