git.ipfire.org Git - thirdparty/systemd.git/log
Daniel P. Berrangé [Mon, 3 Jul 2023 08:53:43 +0000 (09:53 +0100)]
dbus: add 'ConfidentialVirtualization' property to manager object
This property reports whether the system is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé [Fri, 30 Jun 2023 18:01:17 +0000 (19:01 +0100)]
unit: add "cvm" option for ConditionSecurity
The "cvm" flag indicates whether the OS is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé [Fri, 30 Jun 2023 18:07:29 +0000 (19:07 +0100)]
detect-virt: add --list-cvm option
The --list-cvm option reports the known types of confidential virtualization
technology that can be detected.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé [Fri, 30 Jun 2023 18:07:29 +0000 (19:07 +0100)]
detect-virt: add --cvm option
The --cvm option detects whether the OS is running inside a confidential
virtual machine.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé [Fri, 9 Jun 2023 14:37:18 +0000 (15:37 +0100)]
add APIs for detecting confidential virtualization
This code uses various CPUID checks to be able to identify
* AMD SEV
* AMD SEV-ES
* AMD SEV-SNP
* Intel TDX
On HyperV/Azure, it has special checks for detecting SEV-SNP
since the normal CPUID is blocked.
Related: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Lennart Poettering [Wed, 5 Jul 2023 13:56:21 +0000 (15:56 +0200)]
Merge pull request #26844 from YHNdnzj/propagate-stop-fixup
core: introduce UNIT_ATOM_PROPAGATE_STOP_GRACEFUL for PropagatesStopTo=
Luca Boccassi [Wed, 5 Jul 2023 09:29:33 +0000 (10:29 +0100)]
Merge pull request #28207 from poettering/initrd-creds
various credential improvements (including initrd creds, creds in generators, fstab + getty creds)
Lennart Poettering [Wed, 5 Jul 2023 08:40:44 +0000 (10:40 +0200)]
Merge pull request #28253 from yuwata/hwdb-follow-up
hwdb: several cleanups
Yu Watanabe [Wed, 5 Jul 2023 07:36:16 +0000 (16:36 +0900)]
Merge pull request #28228 from yuwata/repart-free-area
repart: fix free area calculation
Yu Watanabe [Wed, 5 Jul 2023 02:00:23 +0000 (11:00 +0900)]
unit: also condition out systemd-backlight in initrd
Follow-up for 9173d31dfea5c2b05ff08480972c499cb7aac940.
The systemd-backlight@.service also saves/restores state but the data
is in /var/.
Lennart Poettering [Tue, 4 Jul 2023 20:31:11 +0000 (22:31 +0200)]
units: condition out a few services in the initrd
Let's make our units more robust to being added to an initrd:
1. systemd-boot-update only makes sense if sd-boot is available in /usr/
to copy into the ESP. This is generally not the case in initrds, and
even if it was, we shouldn't update the ESP from the initrd, but from
the host instead.
2. The rfkill services save/restore rfkill state, but that information
is only available once /var/ is mounted, which generally happens
after the initrd transition.
3. utmp management is partly in /var/, and legacy anyway, hence don't
bother with it in the initrd.
Yu Watanabe [Mon, 3 Jul 2023 06:15:27 +0000 (15:15 +0900)]
test: update test for free area calculation in repart
Yu Watanabe [Mon, 3 Jul 2023 06:14:14 +0000 (15:14 +0900)]
repart: fix free area calculation
Like fdisk_get_last_lba(), fdisk_partition_get_end() returns the last
sector in the partition.
Fixes #28225.
Yu Watanabe [Mon, 3 Jul 2023 03:11:50 +0000 (12:11 +0900)]
test: add reproducer for issue #28225
Yu Watanabe [Wed, 5 Jul 2023 01:17:59 +0000 (10:17 +0900)]
hwdb: make matching modalias for Archos 101 Cesium Educ more strict
Follow-up for 41f34dcf3bc7004aaa9b251480d56bcfe144346d.
Yu Watanabe [Wed, 5 Jul 2023 01:28:42 +0000 (10:28 +0900)]
hwdb: merge multiple keyboard entries with same setting
Follow-up for 123c0e24dd3af4c7168ee77dad841cc730b5db60.
Note, the entry was originally added for IdeaPad Flex 5 in
21b589a15504cdbd309a82abb566ef4e36957f92.
Then, a bug was introduced by 19db450f3a243fcaf0949beebafc3025f8e3a98e.
But, when it was fixed by 738a195bd59dc2e85c15382d17d391c1781aaa4e,
the glob became too strict, and another variant was added by
123c0e24dd3af4c7168ee77dad841cc730b5db60.
Yu Watanabe [Wed, 5 Jul 2023 01:16:56 +0000 (10:16 +0900)]
hwdb: drop trailing white space
Follow-up for 4687f001e689fd482f530a8d1d0adc93e01d74ea.
Mike Yuan [Thu, 16 Mar 2023 08:23:17 +0000 (16:23 +0800)]
test: add test cases for issue #26839 in TEST-03-JOBS
Mike Yuan [Mon, 3 Jul 2023 23:28:33 +0000 (07:28 +0800)]
core: introduce UNIT_ATOM_PROPAGATE_STOP_GRACEFUL for PropagatesStopTo=
Follow-up for 017a7ba4f406adcf69d6b3ec15b9f2d9ed5ad853
Before this commit, when a unit that is restarting propagates stop
to other units, it can also depend on them, which results in
job type conflict and thus failure to pull in the dependencies.
So, let's introduce a new dependency atom UNIT_ATOM_PROPAGATE_STOP_GRACEFUL,
and use it for PropagatesStopTo=. It will enqueue a restart job if
there's already a start job, which meets the ultimate goal and avoids
job type conflict.
Fixes #26839
Mike Yuan [Mon, 3 Jul 2023 22:55:55 +0000 (06:55 +0800)]
core/transaction: return early when appropriate to reduce nesting
Mike Yuan [Wed, 5 Jul 2023 00:14:27 +0000 (08:14 +0800)]
man/systemctl: document --job-mode=restart-dependencies
Follow-up for 09d04ad325473e05e23e6ba8382d7de1dd819bda
Lennart Poettering [Fri, 23 Jun 2023 20:50:02 +0000 (22:50 +0200)]
update TODO
Lennart Poettering [Tue, 4 Jul 2023 09:46:37 +0000 (11:46 +0200)]
import-creds: add support for binary credentials specified on the kernel cmdline
Lennart Poettering [Fri, 30 Jun 2023 09:46:16 +0000 (11:46 +0200)]
man: document where PID 1 imports credentials from
Lennart Poettering [Fri, 30 Jun 2023 09:45:59 +0000 (11:45 +0200)]
man: document how credentials are passed into generators
Lennart Poettering [Fri, 30 Jun 2023 09:44:46 +0000 (11:44 +0200)]
doc: document initrd credentials + and how to consume credentials in generators
(as well as various other fixes)
Lennart Poettering [Fri, 30 Jun 2023 08:23:10 +0000 (10:23 +0200)]
generator: run various generators only on the host, not in initrd
These 5 generators only make sense on the host, not in the initrd, hence
if they end up in the initrd anyway, make them exit quickly.
Lennart Poettering [Thu, 29 Jun 2023 20:53:26 +0000 (22:53 +0200)]
test: verify that the getty generator with creds works
Lennart Poettering [Fri, 23 Jun 2023 20:50:55 +0000 (22:50 +0200)]
getty-generator: minor modernizations
Lennart Poettering [Fri, 23 Jun 2023 20:50:34 +0000 (22:50 +0200)]
getty-generator: allow configuring additional gettys via credentials
Lennart Poettering [Thu, 29 Jun 2023 19:52:57 +0000 (21:52 +0200)]
test: add simple fstab credential test
Lennart Poettering [Fri, 23 Jun 2023 20:49:55 +0000 (22:49 +0200)]
fstab-generator: add more parameter name comments
Lennart Poettering [Fri, 23 Jun 2023 19:51:12 +0000 (21:51 +0200)]
fstab-generator: optionally read additional fstab lines from credentials
Fixes: #27260
Lennart Poettering [Thu, 29 Jun 2023 17:03:08 +0000 (19:03 +0200)]
test: add test for initrd credentials
This extends the test framework a bit, and allows adding additional
initrds to the qemu invocation, which we use here to place credentials
in the new /run/systemd/@initrd/ credentials dir which are then passed
to the host.
Lennart Poettering [Thu, 29 Jun 2023 10:53:23 +0000 (12:53 +0200)]
import-creds: unify acquire_credential_directory() + acquire_encrypted_credential_directory()
Let's unify these very similar functions, and port them to the new
mount_credentials_fs() call.
While we are at it, if we detect that the credentials dir already is a
mount point, remount it writable so that we can actually write to it.
Lennart Poettering [Thu, 29 Jun 2023 10:32:44 +0000 (12:32 +0200)]
execute: split out mounting of credentials fs
Let's add two new helpers: mount_credentials_fs() and
credentials_fs_mount_flags(). The former mounts a file system suitable
for storing of unencrypted credentials at runtime (i.e. a ramfs or
tmpfs). The latter determines the right mount flags to use for such a
mount.
Both functions mostly just take code from execute.c, but make two
changes:
1. If the kernel supports it we'll use a tmpfs with the new "noswap"
mount option instead of ramfs. Was added in kernel 6.4, hence is very
recent, but tmpfs is so much less crappy than ramfs, hence worth it.
2. We'll set MS_NOSYMFOLLOW on the mounts if supported. These file
systems should only contain regular files, hence no need to allow
symlinks.
Lennart Poettering [Wed, 28 Jun 2023 20:58:07 +0000 (22:58 +0200)]
import-creds: show list of imported credentials during initialization of PID 1
Let's make things easier to debug: provide an overview what has been
passed, during boot.
Lennart Poettering [Wed, 28 Jun 2023 16:11:15 +0000 (18:11 +0200)]
core: consult credentials for machine ID to use for host
Let's hook up one more thing with credentials: the machine ID to use
when none is initialized yet.
This requires some reordering of initialization steps in PID 1: we need
to import credentials first, and only then initialize the machine ID.
Lennart Poettering [Wed, 28 Jun 2023 16:10:40 +0000 (18:10 +0200)]
import-creds: pick up vmm.notify_socket also from encrypted credentials
Now that we have the infra in place, make PID 1 pick up encrypted
credentials too.
(While we are at it, split this out into its own helper)
Lennart Poettering [Fri, 23 Jun 2023 19:48:15 +0000 (21:48 +0200)]
creds-util: add new helper read_credential_with_decryption()
This is just like read_credential() but also looks into the encrypted
credential directory, not just the regular one.
Normally, we decrypt credentials at the moment we pass them to services.
From service PoV all credentials are hence decrypted credentials.
However, when we want to access credentials in a generator this logic
does not apply: here we have the regular and the encrypted credentials
directory. So far we didn't attempt to make use of credentials in
generators hence.
Let's address this and add a helper that looks into both directories, and talks
to the TPM if necessary to decrypt the credentials.
Lennart Poettering [Fri, 23 Jun 2023 15:49:44 +0000 (17:49 +0200)]
import-creds: define a new dir where initrd configurators can pass credentials to host
Lennart Poettering [Tue, 4 Jul 2023 20:26:52 +0000 (22:26 +0200)]
execute: fix credential dir handling for fs which support ACLs
When the credential dir is backed by an fs that supports ACLs we must be
more careful with adjusting the 'x' bit of the directory, as any chmod()
call on the dir will reset the mask entry of the ACL entirely which we
don't want. Hence, do a manual set of ACL changes, that only add/drop
the 'x' bit but otherwise leave the ACL as it is.
This matters if we use tmpfs rather than ramfs to store credentials.
Lennart Poettering [Fri, 30 Jun 2023 08:22:35 +0000 (10:22 +0200)]
man: make sure credentials properly show up in directives index
Igor Tsiglyar [Mon, 3 Jul 2023 13:51:32 +0000 (16:51 +0300)]
journal-remote: upload journals from namespace
Thomas Genty [Tue, 4 Jul 2023 13:41:57 +0000 (15:41 +0200)]
hwdb : add support for Archos 101 Cesium Educ to 60-sensor.hwdb
Lennart Poettering [Tue, 4 Jul 2023 11:04:56 +0000 (13:04 +0200)]
NEWS/--help: correct/be clearer on bootctl -R vs. -RR
The NEWS file was simply wrong. Let's also improve the --help text on
this.
Fixes: #28221
Lennart Poettering [Tue, 4 Jul 2023 09:47:19 +0000 (11:47 +0200)]
hibernate-resume-generator: downgrade 'noresume' log message
This log message is shown pretty regularly at boot in various scenarios
(such as CI builds), and it's not a reason for any concern, it's just the
immediate effect of explicit configuration. Hence let's downgrade from
LOG_NOTICE to LOG_INFO so that it is still usually in the boot output,
but not particularly highlighted, since there's really no reason to.
Lennart Poettering [Mon, 3 Jul 2023 12:36:14 +0000 (14:36 +0200)]
systemctl: implement a new "whoami" verb, that just returns unit of caller/PID
Frantisek Sumsal [Mon, 3 Jul 2023 19:38:42 +0000 (21:38 +0200)]
test: wait for the interface to become routable after reconfiguring
Since 6e8477edd3 TEST-75 started failing with:
[ 571.468298] testsuite-75.sh[46]: + for addr in "${DNS_ADDRESSES[@]}"
[ 571.468298] testsuite-75.sh[46]: + run delv @fd00:dead:beef:cafe::1 -t A mail.signed.test
[ 571.468899] testsuite-75.sh[562]: + tee /tmp/tmp.qKlHPbCCJZ
[ 571.469317] testsuite-75.sh[561]: + delv @fd00:dead:beef:cafe::1 -t A mail.signed.test
[ 571.501381] testsuite-75.sh[562]: ;; network unreachable resolving 'mail.signed.test/A/IN': fd00:dead:beef:cafe::1#53
[ 571.501564] testsuite-75.sh[562]: ;; resolution failed: SERVFAIL
[ 571.515457] testsuite-75.sh[46]: + grep -qF '; fully validated' /tmp/tmp.qKlHPbCCJZ
Let's wait for the dns0 interface to become routable again after
re-enabling IPv6 to, hopefully, mitigate this.
Yu Watanabe [Mon, 3 Jul 2023 23:06:13 +0000 (08:06 +0900)]
Merge pull request #28245 from rpigott/dhcp6-relax-assert
relax data assert in dhcp6_option_parse_string
Mike Yuan [Mon, 3 Jul 2023 21:54:56 +0000 (05:54 +0800)]
Merge pull request #28215 from poettering/start-as-restart
pid1: enqueue auto-restart job for the unit itself as JOB_START and for depending units as JOB_RESTART
Ronan Pigott [Mon, 3 Jul 2023 20:15:47 +0000 (13:15 -0700)]
test-network: add test for an invalid captive portal uri
This could probably be extended to include many more invalid uri
Ronan Pigott [Mon, 3 Jul 2023 20:02:47 +0000 (13:02 -0700)]
dhcp6: relax data assert in dhcp6_option_parse_string
dhcp6_option_parse_string is intended to clear strings with length 0,
for consistency. The data assert is too strict for this purpose, so we
will allow data || data_len == 0, similar to other dhcp6_option_parse*
helpers.
Fixes: fde788601be8 ("dhcp6-client: parse RFC8910 captive portal dhcp6 option")
Yu Watanabe [Mon, 3 Jul 2023 16:27:20 +0000 (01:27 +0900)]
Merge pull request #28232 from rpigott/ndisc-captive-portal-mfree
ndisc: clear ndisc captive portal value on bogus zero-len option
Yu Watanabe [Mon, 3 Jul 2023 05:37:07 +0000 (14:37 +0900)]
repart: fix comment
Lennart Poettering [Mon, 3 Jul 2023 11:33:47 +0000 (13:33 +0200)]
loginctl,machinectl: use same ansi formatting in --help texts as in systemctl
Lennart Poettering [Mon, 3 Jul 2023 11:36:08 +0000 (13:36 +0200)]
units: skip systemd-battery-check in environments where it doesn't make sense
Let's condition the service so that it doesn't run where we aren't
directly run on baremetal, or where no power sources are discovered at
all.
Mike Yuan [Mon, 3 Jul 2023 14:32:36 +0000 (22:32 +0800)]
core/service: show correct restart usec for services in SERVICE_AUTO_RESTART_QUEUED
Follow-up for #28215
We can now correctly distinguish enqueued auto-restarts
from those that are still pending. Let's take advantage
of that.
Lennart Poettering [Mon, 3 Jul 2023 12:49:46 +0000 (14:49 +0200)]
test: add test case for recent OnSuccess=/OnFailure= state machine changes
Lennart Poettering [Fri, 30 Jun 2023 16:17:06 +0000 (18:17 +0200)]
core: introduce a new job mode JOB_RESTART_DEPENDENCIES
This new job mode will enqueue a start job for a unit, and all units
depending on the unit will get a restart job enqueued. This is then used
for automatic service restarts: the unit itself is only started, the
depending units restarted. This way the unit will not go down
unnecessarily, triggering OnSuccess= needlessly.
This also introduces a new state SERVICE_AUTO_RESTART_QUEUED that is
entered once the restart jobs are enqueued. Previously we'd stay in
SERVICE_AUTO_RESTART, but that's problematic, since we'd lose
information whether we still need to enqueue the restart job during a
serialization/deserialization cycle or not. By having an explicit state
for this we know exactly whether we still need to enqueue the job or
not. It's also good since when we are in SERVICE_AUTO_RESTART_QUEUED we
want to act on unit_start(), but on SERVICE_AUTO_RESTART we want to wait
for the holdoff time to pass before we act on unit_start().
Fixes: #27722
Lennart Poettering [Fri, 30 Jun 2023 16:16:55 +0000 (18:16 +0200)]
service: re-linebreak some comments matching current coding style
Luca Boccassi [Mon, 3 Jul 2023 14:04:32 +0000 (15:04 +0100)]
Merge pull request #28230 from yuwata/network-wait-address-configure
network: delay to configure address until it is removed on reconfigure
Ronan Pigott [Mon, 3 Jul 2023 10:07:57 +0000 (03:07 -0700)]
ndisc: reject malformed captive portal URI with EBADMSG
This allows the correct, gracious, error handling to follow up in the
ndisc handler. Otherwise, an internal error is assumed and the interface
disabled.
Fixes: 9747955d2d60 ("ndisc: parse RFC8910 captive portal ipv6ra option")
Lennart Poettering [Mon, 3 Jul 2023 09:59:45 +0000 (11:59 +0200)]
update TODO
Ronan Pigott [Mon, 3 Jul 2023 07:36:04 +0000 (00:36 -0700)]
ndisc: clear ndisc captive portal value on bogus zero-len option
This value was freed but erroneously never cleared, leading to
use-after-free.
Fixes: 9747955d2d60 ("ndisc: parse RFC8910 captive portal ipv6ra option")
Yu Watanabe [Mon, 3 Jul 2023 07:04:30 +0000 (16:04 +0900)]
test-network: add test for static route with preferred source
This adds possible reproducer for issue #28009 (though, the issue is
highly racy, hence this may not trigger the issue reliably).
Yu Watanabe [Mon, 3 Jul 2023 07:03:50 +0000 (16:03 +0900)]
test-network: check route more strictly
Yu Watanabe [Mon, 3 Jul 2023 06:43:53 +0000 (15:43 +0900)]
network: delay to configure address until it is removed on reconfigure
When we request an address that already exists and is under removing,
we need to wait for the address being removed. Otherwise, configuration
of a route whose preferred source is the address will fail.
Fixes #28009.
Replaces #28088.
Yu Watanabe [Mon, 3 Jul 2023 07:00:20 +0000 (16:00 +0900)]
network: constify several functions
Yu Watanabe [Mon, 3 Jul 2023 05:51:56 +0000 (14:51 +0900)]
Merge pull request #28132 from rpigott/dhcp-captive-portal
Implement RFC8910: captive portal dhcp options
Bastien Nocera [Sun, 2 Jul 2023 09:44:57 +0000 (11:44 +0200)]
hwdb: Add override for headset form-factors
Correct the SOUND_FORM_FACTOR property for Steelseries Arctis headsets.
The USB IDs were all gathered from HeadsetControl[1].
[1]: https://github.com/Sapd/HeadsetControl
Luca Boccassi [Sun, 2 Jul 2023 14:54:56 +0000 (15:54 +0100)]
Merge pull request #28226 from mrc0mmand/coverity-fixes
A couple of Coverity-related fixes
Frantisek Sumsal [Sun, 2 Jul 2023 09:39:00 +0000 (11:39 +0200)]
tree-wide: explicitly ignore return value in a couple more places
Resolves:
- CID#1490777
- CID#1498366
- CID#1508639
- CID#1509084
- CID#1509086
- CID#1509087
Frantisek Sumsal [Sun, 2 Jul 2023 09:22:50 +0000 (11:22 +0200)]
unit: drop an unused assignment
Resolves: CID#1509244
Frantisek Sumsal [Sun, 2 Jul 2023 09:09:09 +0000 (11:09 +0200)]
virt: drop an unused assignment
As `v` gets overwritten by the following detect_vm_cpuid() call.
Resolves: CID#1509247
Zbigniew Jędrzejewski-Szmek [Sat, 1 Jul 2023 21:33:20 +0000 (15:33 -0600)]
tree-wide: "<n>bit" → "<n>-bit"
In some places, "<n> bits" is used when more appropriate.
Frantisek Sumsal [Sun, 2 Jul 2023 09:04:38 +0000 (11:04 +0200)]
test: drop an unused assignment
Unused since 788c2d9523.
Resolves: CID#1509248
Ronan Pigott [Thu, 29 Jun 2023 23:38:55 +0000 (16:38 -0700)]
test-network: add tests for captive portal dhcp options
Ronan Pigott [Thu, 29 Jun 2023 23:38:26 +0000 (16:38 -0700)]
networkctl: show captive portal configuration in link status
Ronan Pigott [Thu, 29 Jun 2023 23:36:50 +0000 (16:36 -0700)]
networkd: include captive portal information in link json description
Ronan Pigott [Thu, 29 Jun 2023 23:58:03 +0000 (16:58 -0700)]
network: Introduce UseCaptivePortal IPv6RA option
Accepts a boolean. When enabled retains captive portal configuration
advertised by the router.
Ronan Pigott [Thu, 29 Jun 2023 23:33:57 +0000 (16:33 -0700)]
network: Introduce UseCaptivePortal DHCPv6 option
Accepts a boolean. When enabled requests and retains captive portal
configuration from the DHCPv6 server.
Ronan Pigott [Thu, 29 Jun 2023 23:30:31 +0000 (16:30 -0700)]
network: Introduce UseCaptivePortal DHCPv4 option
Accepts a boolean. When enabled, UseCaptivePortal will request and
retain the captive portal configuration from the DHCP server.
Ronan Pigott [Thu, 29 Jun 2023 23:22:45 +0000 (16:22 -0700)]
ndisc: parse RFC8910 captive portal ipv6ra option
Zbigniew Jędrzejewski-Szmek [Sat, 1 Jul 2023 20:07:25 +0000 (14:07 -0600)]
NEWS: reword/fix/extend the entries for v254
Zbigniew Jędrzejewski-Szmek [Sat, 1 Jul 2023 19:54:14 +0000 (13:54 -0600)]
NEWS: drop doubled space after period
Emacs does this, but it doesn't make much sense. It makes even
less sense if done only in some places.
dependabot[bot] [Sat, 1 Jul 2023 10:38:05 +0000 (10:38 +0000)]
build(deps): bump github/codeql-action from 2.3.5 to 2.20.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0225834cc549ee0ca93cb085b92954821a145866...f6e388ebf0efc915c6c5b165b019ee61a6746a38)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Sat, 1 Jul 2023 09:08:48 +0000 (09:08 +0000)]
build(deps): bump actions/labeler from 4.0.4 to 4.2.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.4 to 4.2.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/0776a679364a9a16110aac8d0f40f5e11009e327...0967ca812e7fdc8f5f71402a1b486d5bd061fe20)
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Sat, 1 Jul 2023 09:08:49 +0000 (09:08 +0000)]
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Sat, 1 Jul 2023 09:08:52 +0000 (09:08 +0000)]
build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Luca Boccassi [Fri, 30 Jun 2023 20:55:58 +0000 (21:55 +0100)]
Merge pull request #28187 from bluca/sbat
ukify: merge .sbat sections from stub and kernel
Lennart Poettering [Fri, 30 Jun 2023 20:51:15 +0000 (22:51 +0200)]
Merge pull request #28211 from poettering/unit-abstract
remove some explicit unit type checks from generic code, and make them abstract
Lennart Poettering [Fri, 30 Jun 2023 13:56:40 +0000 (15:56 +0200)]
mount: make unit_start() mount ratelimiting check generic
Let's move this into a vtable callout, so that unit.c doesn't check for
explicit unit types anymore.
(This is preparation for a future where we do a similar check for the
automount logic, or the swap logic.)
Lennart Poettering [Fri, 30 Jun 2023 13:50:33 +0000 (15:50 +0200)]
oom: don't encode whether unit types can do oomd hookup a second time
We already encode this in UnitVTable, hence use it. Even if it means
we'll do some minor extra iterations.
Lennart Poettering [Fri, 30 Jun 2023 13:35:49 +0000 (15:35 +0200)]
pid1: also encode whether to send plymouth notifications in UnitVTable
Lennart Poettering [Fri, 30 Jun 2023 13:31:41 +0000 (15:31 +0200)]
unit: don't encode literally which unit types to generate audit events for
Let's abstract this a bit, and keep this info purely in UnitVTable.
Daan De Meyer [Fri, 30 Jun 2023 14:06:54 +0000 (16:06 +0200)]
dbus-cgroup: Make sure we overwrite cpuset properties in drop-in
The DBUS property setter overwrites the value of the property but
writes a drop-in that extends the value. Let's make sure the drop-in
overwrites the property value as well by assigning the empty string
first.
Lennart Poettering [Fri, 30 Jun 2023 15:09:21 +0000 (17:09 +0200)]
battery-check: rework unit
Let's rename the unit to systemd-battery-check.service. We usually want
to name our own unit files like our tools they wrap, in particular if
they are entirely defined by us (i.e. not just wrappers of foreign
concepts)
While we are at it, also hook this in from initrd.target, and order it
against initrd-root-device.target so that it runs before the root device
is possibly written to (i.e. mounted or fsck'ed).
This is heavily inspired by @aafeijoo-suse's PR #28208, but quite
different ;-)
Frantisek Sumsal [Fri, 30 Jun 2023 15:08:22 +0000 (17:08 +0200)]
test: fix test_vxlan with the latest iproute2
Some options were renamed and some options with default values are not
shown unless -d(etails) is repeated.
See: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1215e9d3862387353d8672296cb4c6c16e8cbb72
Lennart Poettering [Fri, 30 Jun 2023 15:39:30 +0000 (17:39 +0200)]
README: strengthen wording regarding static libs
static versions of libsystems.so are not really supportable, and
encourage mix&match which we cannot really support. Make the wording
about this stronger in the README, since people apparently don't read to
the last paragraph.