Frantisek Sumsal [Wed, 25 Oct 2023 15:40:05 +0000 (17:40 +0200)]
test: make the TPM event log checking a bit more robust
Don't hardcode the event number, so the test works correctly even if
someone wrote to the event log before us. Also, explicitly pick the
sha256 bank when checking digests, as the indexing may vary depending on
current TPM's capabilities.
Daan De Meyer [Wed, 25 Oct 2023 14:48:35 +0000 (16:48 +0200)]
meson: Always build systemd-measure
Same idea as with bootctl, we might be doing image builds from a
system that doesn't boot with UEFI but we still might want to measure
stuff for the image we're building so let's not gate this behind
ENABLE_BOOTLOADER.
Daan De Meyer [Wed, 25 Oct 2023 14:45:06 +0000 (16:45 +0200)]
meson: Always build bootctl
bootctl is rather useful to have, even if on a system without UEFI,
as it has a number of verbs that are unrelated to UEFI (e.g kernel-identify),
and more importantly, it supports --root to operate on directory trees
(which could be intended to be deployed on UEFI) so let's make sure we
always build it.
cryptenroll: validate positional arguments before looking at detail parameters
Let's switch the order in which we process positional arguments and
analyze/tweak detail parameters. Let's look at the positional arguments
first (i.e. the "big picture") and then look at the switches (i.e.
"little details").
THis doesn't matter much, but makes for better error messages I think.
At least I was very confused that a completely borked cmdline I passed
to cryptenrolled complained about some detail and let the major fuckup
pass...
Mike Yuan [Tue, 24 Oct 2023 10:10:21 +0000 (18:10 +0800)]
sleep-config: make hybrid sleep always use 'suspend' disk mode
If user requests hybrid sleep, we should always use 'suspend'
disk mode. If that's not supported, let's correctly report it
so they can choose plain hibernation instead. HybridSleepMode=
serves no purpose in this case and should be removed.
This is like --cat-config, but omits the comments and empty lines.
The name is incoungrous with --cat-config, but I don't see a nice way to
call it that wouldn't be annoyingly long.
pager_open() is moved to cat_config() to remove some lines from run().
analyze/cat-config: add switch to print only "interesting" parts of config files
When looking at configuration, often a user wants to suppress the comments and
just look at the parts that actually configure something, roughly equivalent to
systemd-analyze cat-config … | rg -v '^(#|;|$)
This switch implements this natively, skipping lines that start with a comment
character or only contain whitespace.
For formats that have section headers, section headers are skipped, if only
followed by stuff that would be skipped. (The last section header is printed
when we're about to print some actual output.)
Note that the caller doesn't know if the format has headers or not. We do format
type detection in pretty-print.c. So the caller only specifies tldr=true|false, and
conf_files_cat() figures out if the format has headers and whether those should
be handled specially.
The comments that show the file name are always printed, even if all of the file
is suppressed.
This is a partial answer to the discussions in
https://github.com/systemd/systemd/pull/28919,
https://github.com/systemd/systemd/pull/29248. If the default config is shown in
config files, the user can conveniently use '--tldr' to show the relevant parts.
Since, in this case, we really care only about the actual shutdown,
let's shorten the service stop/abort timeouts to let systemd SIGKILL all
remaining processes in the 60s `expect` window.
Yu Watanabe [Tue, 24 Oct 2023 09:13:08 +0000 (18:13 +0900)]
network: do not try to save link state file twice on boot
On enumeration, (that is, before manager_start() is called), enumerated
links may already have the dirty flag. In that case, saving the state
file in manager_start() should clear the flag.
Mike Yuan [Fri, 20 Oct 2023 16:21:20 +0000 (00:21 +0800)]
sleep-config: remove HibernateState= & HybridSleepState=, restrict
SuspendState= not to include "disk"
I don't know why these existed in the first place, but as I
justified in the comments, it's simply not sensible to allow
HibernateState= or HybridSleepState= to take values other than
'disk'. So let's just remove those options. Also, SuspendState=
should not contain 'disk'.
Let's try a different approach where we make sure that all callers only pass in
a fd that is "clean", i.e. at offset 0. The majority of callers of this function
(both direct and indirect) pass a freshly-opened fd, so the rewind call is not
needed.
tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static
These are not used outside of tpm2-util.[ch], and the way they merge
public/private key pair into one blob is kinda specific to our
implementation, hence better should be hidden away, and not used for new
code anyway.
We'll soon have a function for determining the name of an NV index,
hence let's rename the existing function for the same of a public key to
make clear it's about public keys only.
Martin Wilck [Fri, 20 Oct 2023 14:25:15 +0000 (16:25 +0200)]
units: modprobe@.service: don't unescape instance name
modprobe treats "-" and "_" interchangeably, thereby avoiding frequent
errors because some module names contain dashes and others underscores.
Because modprobe@.service unescapes the instance name, an attempt to
start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt",
which is doomed to fail. "modprobe@dm_crypt.service" will work as
expected. Thus unescaping the instance name has surprising side effects.
Use "%i" instead.
Yu Watanabe [Thu, 19 Oct 2023 16:35:03 +0000 (01:35 +0900)]
network,dhcp: restart client with 'networkctl renew' when delayed by IPv6 only mode
This is convenient when the server supports IPv6 only mode.
Otherwise, we cannot request a new address during the client is waiting an
IPv6 connectivity. Note, the minimal timespan is 5min, and a server may
send a quite large value.