units: enable systemd-network-generator by default
It is used by udevd and networkd. Since udevd is enabled statically, let's also
change the preset to "on". networkd is opt-in, so let's pull in the generator
when enabling networkd too.
journactl: show info about journal range only at debug level (#21775)
The message that the "journal begins … ends …" has been always confusing to
users. (Before b91ae210e62 it was "logs begin … end …" which was arguably even
more confusing, but really the change in b91ae210e62 didn't substantially change
this.)
When the range shown is limited (by -e, -f, --since, or other options), it
doesn't really matter to the user what the oldest entries are, since they are
purposefully limiting the range. In fact, if we are showing the last few
entries with -e or -f, knowing that many months the oldest entries have is
completely useless.
And when such options are *not* used, the first entry generally corresponds to
the beginning of the range shown, and the last entry corresponds to the end of
that range. So again, it's not particularly useful, except when debugging
journalctl or such. Let's just treat it as a debug message.
hostnamectl: add a chassis symbol in status output
The idea is to be able to distinguish whether we're in a VM/container or something
more substantial at a glance.
Chassis: laptop 💻
Chassis: tablet 具
Chassis: vm 🖴
Chassis: server 🖳
Chassis: handset 🕻
Chassis: watch ⌚
Chassis: desktop 🖥
Chassis: container ☐
Nishal Kulkarni [Tue, 14 Dec 2021 08:43:13 +0000 (14:13 +0530)]
shell-completion: Add completion for systemd-analyze critical-chain
systemd-analyze critical-chain accepts an optional unit argument,
however currently there's no shell-completion for it
This change provides unit name completion for both bash and zsh.
Sho Iizuka [Mon, 13 Dec 2021 13:53:36 +0000 (22:53 +0900)]
man: how to unset CPUQuota=
This description will help users who are trying to reset the already configured
CPUQuota= by trying incorrect ways such as CPUQuota=0 or CPUQUota=infinity.
Luca Boccassi [Sun, 12 Dec 2021 23:42:58 +0000 (23:42 +0000)]
test: bump timeout for TEST-50-DISSECT and TEST-67-INTEGRITY
TEST-67-INTEGRITY times out quite often, and when it passes
it does so a few seconds short of the timeout. It's a slow
qemu test, so bump the timeout.
TEST-50-DISSECT has been reported to fail in the same way
on Debian's infrastructure, again narrowly failing or passing
just short of the timeout.
igo95862 [Sat, 11 Dec 2021 10:59:17 +0000 (13:59 +0300)]
Disable exporting D-Bus Introspection XML if cross-compiling
This is a soft disable. Passing `dbus-interfaces-dir` build option
will with path or 'yes' enable exports again even when cross
compiling. (maybe your environment will allow to execute
cross compiled binaries)
Jarkko Sakkinen [Sat, 11 Dec 2021 04:39:59 +0000 (06:39 +0200)]
Enable /dev/sgx_vepc access for the group 'sgx'
Enable /dev/sgx_vepc access for the group 'sgx', which allows KVM-backed VMs
to host Intel Software Guard eXtension (SGX) enclaves. The upcoming QEMU
6.2 uses /dev/sgx_vepc to reserve portions of Enclave Page Cache (EPC) for
VMs. EPC is the reserved physical memory used for hosting enclaves.
Jan Janssen [Thu, 2 Dec 2021 12:07:23 +0000 (13:07 +0100)]
boot: Add BCD store parser
This replaces the memmem-based approach of finding a suitable title
for the windows boot manager with one that actually parses the BCD
store. It's probably faster but more importantly, it's more correct.
The memmem approach may detect stale title strings that are still
in the file but unused due to the way registry hives are updated.
This approach also allows us to detect if the BCD store is multi-boot
so that we can fall back on the generic one instead.
Jan Janssen [Sat, 11 Dec 2021 12:47:21 +0000 (13:47 +0100)]
meson: Fix gnu-efi detection for clang
The gnu-efi headers emit some warnings in clang when not compiled with
-ffreestanding. This is normally not an issue for has_header_symbol()
unless meson is run with CFLAGS="-Werror". Note that this differs
from the --werror option, which does not get passed to clang.
Work around this by adding some compile args to the has_header_symbol()
invocation.
Topi Miettinen [Tue, 7 Dec 2021 20:34:17 +0000 (22:34 +0200)]
namespace: allow overriding /run with a TemporaryFileSystem=
Lower priority of RUN, so that TMPFS and especially the mount flags given with
`TemporaryFileSystem=` are used.
This allows making `/run` private with drop-ins such as:
```
[Service]
BindReadOnlyPaths=/run/systemd:/run/systemd:norbind
TemporaryFileSystem=/run:nodev,noexec,nosuid,rw,size=32k,nr_inodes=10,mode=0755
```
Adrian Vovk [Wed, 8 Dec 2021 02:21:40 +0000 (21:21 -0500)]
stub: Load credentials from \loader\credentials\*.cred
Some types of credentials that a user would want to pass
into the initrd do not depend on the specific kernel/initrd
version. For instance, this can include SSH keys, rootfs
encryption keys, dm-integrity keys, and so on. This
introduces a directory where such credentials can be placed
so that any kernel image will load them
Yu Watanabe [Fri, 10 Dec 2021 11:07:35 +0000 (20:07 +0900)]
test: addresses shell check warning
This fixes the following warning:
-----
In /github/workspace/test/units/testsuite-62.sh line 39:
KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
^-----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"
LaserEyess [Fri, 10 Dec 2021 00:28:31 +0000 (19:28 -0500)]
network: rename SetupState to AdministrativeState
This is more consistent with the terminology used elsewhere. In
particular it is consistent with the name of the property exposed over
dbus for the link state.
Luca Boccassi [Thu, 9 Dec 2021 22:16:19 +0000 (22:16 +0000)]
meson: exclude .gitattributes when using install_subdir
It picks the whole content of the directory by default, but we don't
want to install .gitattributes files. Add it to all invocations, not
just the ones on subdirs with .gitattributes, so that we don't regress
in the future.
Yu Watanabe [Thu, 9 Dec 2021 07:38:02 +0000 (16:38 +0900)]
network: sd-ipv4ll and sd-ipv4acd only support ethernet interfaces
The deny list in link_ipv4ll_enabled() are mostly non-ethernet type,
whose link->iftype are not ARPHRD_ETHER, e.g. ARPHRD_NONE for bareudp,
ARPHRD_WIREGURAD for wireguard, ARPHRD_GRE for gre, and so on.
Only the exception is vrf, which is ARPHRD_ETHER, but seems not to
support ARP.
Bump the max number of inodes for /tmp to a million too
Fixes #21626. (The bug report talks about /run, but the issue is actually with
/tmp.) People use /tmp for various things that fit in memory, e.g. unpacking
packages, and 400k is not much. Let's raise is a bit.
openssl: supress warnings about functions deprecated by openssl 3.0
We get warnings for RSA_free(), EC_KEY_free(), EC_KEY_new(), etc. Those
functions are now deprecated and we're supposed to use the new "EVP API" that
is all the rage in openssl 3.0.
With some effort I converted dnssec_rsa_verify_raw() to use the new API. The
code is significantly longer and, if anything, less readable. The EC code is
more complicated and I assume that the EVP API version will be even more
complex. It is possiblet that I'm missing some way to call the new functions in
a better way, but the documentation is abysmal, so it's really hard to figure
out the best way. Of course there are almost no examples, and the ones that are
there are not terribly useful and are also stubs that don't do interesting
things, don't implement error handling, or memory cleanup. I'll submit my
conversion draft as a separate PR. Maybe somebody who knows openssl better
will pick it up and write a proper solution.
For now, let's just use the existing code, but suppress the warnings. The
new version just came out, so it's unlikely that the deprecated functions will
be removed any time soon.