udev: support by-path devlink for multipath nvme block devices
If multipath feature is enabled, nvme block devices may belong to the
"nvme-subsystem" subsystem, instead of "nvme" subsystem.
(What a confusing name...)
Then, the syspath is something like the following,
/sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1
Hence, we need to find the 'real parent' device, such as
/sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0
Adam Williamson [Thu, 22 Sep 2022 22:08:43 +0000 (15:08 -0700)]
kbd-model-map: add a mapping for switched czech qwerty/us
See https://bugzilla.redhat.com/show_bug.cgi?id=2121106 for the
background on this. One of Fedora's QA folks ran an install
and chose two keyboard layouts: Czech (qwerty) and US. Due to
the sad details of how the whole logic flow for trying to decide
what kbd layout best matches a given xkb config works (see
details in the bug comments), we wound up deciding the best-
matching kbd layout for this situation was cz-us-qwertz, which
is a czech/us switched layout, but is qwertz, not qwerty. This
seems like a poor outcome. Adding this line should result in us
picking cz-qwerty in this case. Which may be the 'legacy'
cz-qwerty.map from upstream kbd project (which is switched
cz/us), or may be the auto-converted xkb layout (which obviously
isn't switched). But either way, at least its primary mode is
Czech qwerty, which seems like a *better* choice than a layout
whose primary mode is Czech qwertz.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
repart: Add --split option to generate split artifacts
For use with sysupdate or other systemd tooling, it's useful to be
able to generate split artifacts from disk images, where each
partition is written to a separate file. Let's support this with
a --split switch for repart and a SplitName= configuration option.
--split enables split artifacts generation, and SplitName= configures
for which partition to generate split artifacts, and which suffix to
add to the split artifact name.
For SplitName=, we add support for some extra specifiers, more specifically
the partition Type UUID and the partition UUID.
shared/format-table: use enum instead of Table.empty_string
All users were setting this to some static string (usually "-"), so let's
simplify things by not doing strdup, but instead limiting callers to a fixed
set of values. In preparation for the next commit, the function is renamed from
"empty" to "replacement", because it'll be used for more than empty fields. I
didn't do the whole string-table setup, because it's all used internally in one
file and this way we can immediately assert if an invalid value is passed in.
Some callers were (void)ing the error, others were ignoring it, and others
propagating. It's nicer to remove the boilerplate.
systemd-run: refuse --working-directory option with --scope
systemd-run's man page says the following about the working directory of
the process:
"If a command is run as transient scope unit, it will be executed
by systemd-run itself as parent process and will thus inherit the
execution environment of the caller."
This means working directory assignment does not work, as evidenced by
the following invocation:
```bash
$ systemd-run --scope --property=WorkingDirectory=/tmp/ bash -c 'echo $(pwd)'
Unknown assignment: WorkingDirectory=/tmp/
```
However, using the shorthand switch --working-directory silently ignores
this instead of giving a similar error.
```bash
systemd-run --scope --user --working-directory=/tmp/ bash -c 'echo $(pwd)'
Running scope as unit: run-r19cc32e744e64285814dbf2204637a2b.scope
/home/test/projects/systemd
```
This commit fixes this by explicitly generating an error instead of
silently ignoring the switch:
```bash
$ systemd-run --scope --working-directory=/tmp/ bash -c 'echo $(pwd)'
--working-directory is not supported in --scope mode.
```
We forgot to conditionalize this on pcrsig/pcrpkey too. So if you have
ne creds or sysext configured we actually wouldn't pass pcrsig/pcrpkey
along. Let's fix that.
To make this work, we have to set up everything in a temporary
directory tree that we can pass to mksquashfs as a single directory.
To make the most common scenario more efficient, we skip the temporary
setup directory if we only get a single source tree destined to root
in the squashfs filesystem.
Yu Watanabe [Wed, 31 Aug 2022 16:17:27 +0000 (01:17 +0900)]
core/device: always update existing devlink or alias units on uevent
Previously, existing device units for devlinks or aliases were not
removed unless the main device unit is removed. This makes all existing
device units for devlinks and aliases are checked if they are still
required, and remove if not necessary anymore.
In 53c26db4dac0f5b79ca2a57364ee7df78a14bbfd the meaning of $BOOT was
redefined. I think that's quite problematic, since the concept is
implemented in code and interface of bootctl. Thus, I think we should
stick to the original definition, which is: "where to *place* boot menu
entries" (as opposed to "where to *read* boot menu entries from").
The aforementioned change was done to address two things afaiu:
1. it focussed on a $BOOT as the single place to put boot entries in,
instead of mentioning that both ESP and $BOOT are expected to be
the source
2. it mentioned the /loader/ dir (as location for boot loader resources)
itself as part of the spec, which however only really makes sense in
the ESP. /loader/entries/ otoh makes sense in either the ESP or
$BOOT.
With this rework I try to address these two issues differently:
1. I intend to make clear the $BOOT is the "primary" place to put stuff
in, and is what should be mounted to /boot/.
2. The ESP (if different from $BOOT) is listed as "secondary" source to
read from, and is what should be mounted to /efi/. NB we now make the
distinction between "where to put" (which is single partition) and
"where to read from".
3. This drops any reference of the /loader/ dir witout the /entries/
suffix. Only the full /loader/entries/ dir (and its companion file
/loader/entries.srel) are now mentioned. Thus isolated /loader/
directory hence becomes irrelevant in the spec, and the fact that
sd-boot maintains some files there (and only in the ESP) is kept out
of the spec, because it is irrelevant to other boot loaders.
4. It puts back the suggestion to mount $BOOT to /boot/ and the ESP to
/efi/ (and suggests adding a symlink or bind mount if both are the
same partition). Why? Because the dirs are semantically unrelated:
it's OK and common to have and ESP but no $BOOT, hence putting ESP
inside of a useless, non-existing "ghost" dir /boot/ makes little
sense. More importantly though, because these partitions are
typically backed by VFAT we want to maintain them as an autofs, with
a short idle delay, so that the file systems are unmounted (and thus
fully clean) at almost all times. This doesn't work if they are
nested within each other, as the establishment of the inner autofs
would pin the outer one, making the excercise useless. Now I don't
think the spec should mention autofs (since that is an implementation
detail), but it should arrange things so that this specific, very
efficient, safe and robust implementation can be implemented.
The net result should be easy from an OS perspective:
1. *Put* boot loader entries in /boot/, always.
2. *Read* boot loader entries from both /boot/ and /efi/ -- if these are distinct.
3. The only things we define in the spec are /loader/entries/*.conf and
/EFI/Linux/*.efi in these two partitions (well, and the companion
file /loader/entries.srel
4. /efi/ and /boot/ because not nested can be autofs.
5. bootctl code and interface (in particular --esp-path= and
--boot-path=) match the spec again. `bootctl -x` and `bootctl -p`
will now print the path to $BOOT and ESP again, matching the concepts
in the spec again.
From the sd-boot perspective things are equally easy:
1. Read boot enrties from ESP and XBOOTLDR.
2. Maintain boot loader config/other resources in ESP only.
measure: separate out PE section options in --help text
Let's separate the PE section options in the --help text to make clearer
that they are about PE sections, and thus make things less confusing
regarding the cryptic names. Specifically, there's now a separate
section in the --help text that looks like this:
<snip>
UKI PE Section Options: UKI PE Section
--linux=PATH Path Linux kernel image → .linux
--osrel=PATH Path to os-release file → .osrel
--cmdline=PATH Path to file with kernel command line → .cmdline
--initrd=PATH Path to initrd image → .initrd
--splash=PATH Path to splash bitmap → .splash
--dtb=PATH Path to Devicetree file → .dtb
--pcrpkey=PATH Path to public key for PCR signatures → .pcrpkey
</snipe>
(The section title is underlined, like we usually do it)
I think separating this out, and organizing the section name in tabular
form emphasizes nicely where this switches get their name from and what
they mean.
Hopefully addresses concerns from
https://github.com/systemd/systemd/pull/24458#discussion_r967052720 in a
diferent way.
(Also dropped a hint regarding DER format for public key. it's simply
wrong, we use PEM like everyone else on Linux. Outside of Java land DER
isn't popular, so we don't need to mention it here in the --help text,
man page should be enough.)
man/systemd-gpt-auto-generator: reword phrasing about partition location
"located on the same disk as the ESP is located on" is hard to grok. Let's
use more natural phrasing. Also, we shouldn't say that "The first foo partition
… is mounted to …", because this doesn't explain what is happening. The
partition could be empty, and there could be other partitions with the "foo"
content, but what matters is the UUID.
man/systemd-gpt-auto-generator: export type flags by name, trim table
We listed many of the root-partition type uuids, but not all. I think the
chances of somebody using the discoverable partition magic on an Itanium system
are fairly low at this point. So let's remove all architectures except the two
most popular consumer architectures. People building Longsoon or RISC-V images
are likely to have the online version of the Discoverable Partitions
Specifications handy anyway, and it makes the man page easier to read. It also
reduces the chances that somebody adding new entries to the table has some
select&paste mishap. We've already had this happen in the past and it's fairly
nasty bug. We don't need to expose the information in two places with manual
propagation between them.
In all other cases we have the older variant before the newer. And since we
generate some documentation tables from the header, this order is also visible
for users. Let's restore the order. This commit does 4565246911adbdd1b20d8944c0754772788a768c in a slightly different fashion.
headers: export partition uuids and flags in new sd-gpt.h file
I think those constants are generally useful. It's quite easy to make a mistake
when copying things from the docs, so let's make them easy and convenient to
access.
In many places we spelled out the phrase behind "initrd" in full, but this
isn't terribly useful. In fact, no "RAM disk" is used, so emphasizing this
is just confusing to the reader. Let's just say "initrd" everywhere, people
understand what this refers to, and that it's in fact an initramfs image.
Also, s/i.e./e.g./ where appropriate.
Also, don't say "in RAM", when in fact it's virtual memory, whose pages
may or may not be loaded in page frames in RAM, and we have no control over
this.
Also, add <filename></filename> and other minor cleanups.
Luca BRUNO [Mon, 19 Sep 2022 10:09:17 +0000 (10:09 +0000)]
docs: add a note about selectively overriding default dependencies
This documents that explicit `Before=`/`After=` dependencies can be
used to selectively override implicit ordering coming from default
dependencies. That allows for more granular control compared to the
already documented `DefaultDependencies=no` option.
The alternative approach came up in a discussion around the ordering
of `boot-complete.target`, so this also adds an explicit suggestion
in that direction to the "Automatic Boot Assessment" documentation.
find-esp: rework verify_fsroot_dir() around statx()
Let's rework verify_fsroot_dir() around two statx() calls, which should
usually give us all information we need. Let's then add a call to the
btrfs ioctl only if the caller actually wants to know the backing block
device (which it generally only wants if it then intends to verify
partition type, and similar).
This makes things more robust on new kernels, and bypasses the btrfs
ioctls in environments where we cannot actually interpret the results
properly (since they reference btrfs devices via /dev/ paths, which we
likely cannot resolve in containers)
Jan Janssen [Tue, 20 Sep 2022 08:08:05 +0000 (10:08 +0200)]
stub: Always use LINUX_INITRD_MEDIA_GUID if available
The kernel PE image version can be used to detect support for this
feature, allowing us to prefer the generic code of the deprecated EFI
handover protocol.
Jan Janssen [Sat, 17 Sep 2022 20:24:51 +0000 (22:24 +0200)]
stub: Refuse operating above 4G if not supported
We could try to relocate these but that is probably not needed. So far
we have not been bitten by this in the real world and kernels we boot
likely already support this anyway.
Jan Janssen [Sat, 17 Sep 2022 20:02:42 +0000 (22:02 +0200)]
stub: Provide a proper boot params page
The boot params passed to the kernel only has to be one page in size
and the size of the setup header has to be calculated as it depends on
the boot protocol version supported by the kernel.
Jan Janssen [Sat, 17 Sep 2022 09:47:39 +0000 (11:47 +0200)]
stub: Fix above 4G boot
The kernel x86 boot protocol does not expect this value to be set when
using EFI handover protocol. If the stub is loaded above 4G we would
end up discarding the high bits, breaking boot.
Note, this also makes synthesize_change() propagate the error from
synthesize_change_one(). However, the caller of synthesize_change()
ignores the failure anyway, hence the change does not take any effect.
William Roberts [Mon, 19 Sep 2022 18:50:03 +0000 (13:50 -0500)]
cryptsetup: use TPM flags over bool
This works becuase TPM2_FLAGS_USE_PIN is 1 and bool is a 1 so the bits
line up as expected, however if for some reason flags change values and
for clarity check if the boolean indicates this flag and pass the flag
value.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
projects / thirdparty / systemd.git / log
