Clayton Craft [Fri, 19 Jan 2024 00:20:55 +0000 (16:20 -0800)]
boot: don't print error if device tree fixup protocol isn't supported
This isn't a failure we care about, and it's somewhat alarming to see a
red error message flash up on the display when booting, so this just
simply returns EFI_SUCCESS and skips printing the "error" altogether.
Frantisek Sumsal [Thu, 18 Jan 2024 16:20:52 +0000 (17:20 +0100)]
journalctl: consider shut down namespaced sd-journald instance synced
If the namespaced systemd-journald instance was shut down due to
inactivity, we can consider it synchronized, so avoid throwing an error
in such case.
This should help with the random TEST-44-LOG-NAMESPACE fails where we
might try to sync the namespace just after it was shut down:
[ 7.682941] H testsuite-44.sh[381]: + systemd-run --wait -p LogNamespace=foobaz echo 'hello world'
[ 7.693916] H systemd-journald[389]: Failed to open /dev/kmsg, ignoring: Operation not permitted
[ 7.693983] H systemd-journald[389]: Collecting audit messages is disabled.
[ 7.725511] H systemd[1]: Started systemd-journald@foobar.service.
[ 7.726496] H systemd[1]: Listening on systemd-journald-varlink@foobaz.socket.
[ 7.726808] H systemd[1]: Listening on systemd-journald@foobaz.socket.
[ 7.750774] H systemd[1]: Started run-u3.service.
[ 7.795122] H systemd[1]: run-u3.service: Deactivated successfully.
[ 7.842042] H testsuite-44.sh[390]: Running as unit: run-u3.service; invocation ID: 56380adeb36940a8a170d9ffd2e1e433
[ 7.842561] H systemd[1]: systemd-journald-varlink@foobaz.socket: Deactivated successfully.
[ 7.842762] H systemd[1]: Closed systemd-journald-varlink@foobaz.socket.
[ 7.846394] H systemd[1]: systemd-journald@foobaz.socket: Deactivated successfully.
[ 7.846566] H systemd[1]: Closed systemd-journald@foobaz.socket.
[ 7.852983] H testsuite-44.sh[390]: Finished with result: success
[ 7.852983] H testsuite-44.sh[390]: Main processes terminated with: code=exited/status=0
[ 7.852983] H testsuite-44.sh[390]: Service runtime: 44ms
[ 7.852983] H testsuite-44.sh[390]: CPU time consumed: 8ms
[ 7.852983] H testsuite-44.sh[390]: Memory peak: 880.0K
[ 7.852983] H testsuite-44.sh[390]: Memory swap peak: 0B
[ 7.853785] H testsuite-44.sh[381]: + journalctl --namespace=foobar --sync
[ 7.860095] H systemd-journald[389]: Received client request to sync journal.
[ 7.862119] H testsuite-44.sh[381]: + journalctl --namespace=foobaz --sync
[ 7.868381] H journalctl[396]: Failed to connect to /run/systemd/journal.foobaz/io.systemd.journal: Connection refused
[ 7.871498] H systemd[1]: testsuite-44.service: Main process exited, code=exited, status=1/FAILURE
[ 7.871642] H systemd[1]: testsuite-44.service: Failed with result 'exit-code'.
[ 7.930772] H systemd[1]: Failed to start testsuite-44.service.
Yu Watanabe [Wed, 17 Jan 2024 01:07:19 +0000 (10:07 +0900)]
nspawn-network: also check alternative names
If the requested new name for a network interface is already assigned as a
alternative name, then it is not necessary to and cannot rename the
interface.
Yu Watanabe [Wed, 17 Jan 2024 00:48:12 +0000 (09:48 +0900)]
nspawn-network: split out move_network_interface_one()
This also changes to use sd_device to get some attributes.
So, on moving interfaces back to the parent, we need to populate sysfs
associated to the client netns.
That may look redundant and complicated, but it makes later change
easier, and hopefully faster.
Although DocBook 4.5 states that `cmdsynopsis` can be used within `term` [1],
and `term` within `varlistentry`, `man` does not display the list of commands
after this change. FWIW, `cmdsynopsis` is used tree-wide within `refsynopsisdiv`
only.
Black-Hole1 [Fri, 19 Jan 2024 03:38:49 +0000 (11:38 +0800)]
virt: support detection of Apple Virtualization guests with cpuid
This is a supplement to #24419. On macOS Intel machines, detection needs to be done through cpuid.
In macOS, `dmi_vendors` detection is only applicable to M series.
Alberto Planas [Thu, 18 Jan 2024 14:38:30 +0000 (15:38 +0100)]
Measure empty PK and KEK EFI vars
The OVMF UEFI firmware is measuring PK and KEK when secure boot is
disabled, and those variables are absent. This can be checked via the
event log to see that there are extensions for PCR 7 associated with PK
and KEK events of type EV_EFI_VARIABLE_DRIVER_CONFIG.
When running the "lock-secureboot-policy" verb, pcrlock complains that
those variables are not found and refuse to generate the
240-secureboot-policy.pcrlock.d/generated.pcrlock file.
The "TCG PC Client Platform Firmware Profile Specification Version 1.05
Revision 23"[1] from May 7, 2021, in section "3.3.4.8 PCR[7] - Secure
Boot Policy Measurements", point 10.b:
If reading a UEFI variable returns UEFI_NOT_FOUND, platform firmware
SHALL measure the absence of the variable. The
UEFI_VARIABLE_DATA.VariableDataLength field MUST be set to zero and
UEFI_VARIABLE_DATA.VariableData field will have a size of zero.
This patch mark those variables to be marked as "synthesize empty",
generating the correct hash for those variables.
dissect-image: introduce new get_common_dissect_directory() helper
So far, if some component mounts a DDI in some local mount namespace we
created a temporary mountpoint in /tmp/ for that. Let's instead use the
same directory inode in /run/ instead. This is safe, since if everything
runs in a local mount namespace (with propagation on /run/ off) then
they shouldn't fight for the inode. And it relieves us from having to
clean up the directory after use. Morever, it allows us to run without
/tmp/ mounted.
This only moves dissect-image.c and the dissec tool over. More stuff is
moved over later.
man: don't suggest using pam_unix.so's use_authtok switch
Our dumbed down example PAM stacks do not contain cracklib/pwq modules,
hence using use_authtok on the pam_unix.so password change stack won't
work, because it has the effect that pam_unix.so never asks for a
password on its own, expecting the cracklib/pwq modules to have
queried/validated them beforehand.
I noticed this issue because of #30969: Debian's PAM setup suffers by
the same issue – even though they don't actually use our suggested PAM
fragments at all.
mime: expose a mime type for encrypted credentials
Let's make things nice for desktops, and provide a mime type for
credential files.
This uses the 128bit header identifier that our credential files start
with. However, the files are always base64 encoded, hence we have to
match the base64 string, hence add a small test case that generates them
properly for us, and truncates them at the right place (since 128 is not
evently divisable by 6).
Mike Yuan [Wed, 17 Jan 2024 11:52:40 +0000 (19:52 +0800)]
hibernate-util: log that we actually read /sys/power/resume* rather than cmdline
/sys/power/resume is always populated by the initrd, while
/sys/power/resume_offset might have been populated by
the kernel itself. Therefore, if the user is using an initrd
that doesn't include resume hook, the hibernation would fail,
which is expected. However, it was hard to track down the real
problem, since the previous log message suggested that resume=
is not set through kernel cmdline.
varlink: introduce varlink_call_and_log() which calls and then logs an error
As it turns out we do this in a similar way at various times (and
sometimes incorrectly), hence add a common implementation to share the
code and fix the incorrect behaviour.
varlink: drop "ret_flags" parameter from varlink_call()
The parameter returns the flags field of the reply message. This is only
relevant in very few cases, hence drop it from the call, but keep it in
a more generic varlink_call_full() call for those who need it.
varlink: if varlink_call() is called with ret_error_id=NULL propagate error via return value
It's OK if callers don't want to know the varlink error string. But in
that case return the fact the call failed via the return value, as a
negative errno as usual, to make sure it's not accidentally ignored.
varlink: in varlink_observe() correctly collect error parameters
In varlink errors can have parameters (and they regularly do, for
example the io.systemd.System error we generate carries the errno in its
parameter), hence it's essential that varlink_oberserve collects that
properly and returns it too.
Frantisek Sumsal [Tue, 16 Jan 2024 21:25:04 +0000 (22:25 +0100)]
meson: disable -Wnonnull-compare
This gets enabled by default in gcc-14 and complains everywhere where we
use assert() on an expression that is always true (i.e. using
`int x[static 2]` in function declaration, etc.):
[153/2414] Compiling C object src/basic/libbasic.a.p/fs-util.c.o
In file included from ../src/basic/macro.h:13,
from ../src/basic/alloc-util.h:10,
from ../src/basic/fs-util.c:11:
../src/basic/fd-util.h: In function ‘format_proc_fd_path’:
../src/fundamental/macro-fundamental.h:74:41: warning: ‘nonnull’ argument ‘buf’ compared to NULL [-Wnonnull-compare]
74 | #define _unlikely_(x) (__builtin_expect(!!(x), 0))
| ^~~~~
../src/basic/macro.h:150:21: note: in expansion of macro ‘_unlikely_’
150 | if (_unlikely_(!(expr))) \
| ^~~~~~~~~~
../src/basic/macro.h:167:22: note: in expansion of macro ‘assert_message_se’
167 | #define assert(expr) assert_message_se(expr, #expr)
| ^~~~~~~~~~~~~~~~~
../src/basic/fd-util.h:129:9: note: in expansion of macro ‘assert’
129 | assert(buf);
| ^~~~~~
Disabling this selectively only for asserts is a bit painful, since the
option is not available in all compilers, and it'd need to be handled in
the EFI stuff as well.
Mike Yuan [Sun, 14 Jan 2024 14:16:32 +0000 (22:16 +0800)]
loginctl: show more info in list-sessions (ListSessionsEx())
At the same time, 8b6c039a1ac73da006bfe9d5735515bba12ef3c4 is reverted, i.e.
session state is removed from the output. It was added to workaround #26744,
and doesn't really make too much sense after the issue is properly fixed.
Mike Yuan [Sun, 14 Jan 2024 13:18:07 +0000 (21:18 +0800)]
man: don't use versioned standard-options
no-pager-255 was added in #29184, which I reviewed and agreed.
However, as #30887 came up, I reconsidered it a bit, and now
I actually think that this should be removed.
We add new tools that refer to these standard options. During
the process, some options are also promoted to be standard ones.
I think a more sane practice is to generally keep old tools in
the loop, rather than overloading the standard-options with versions.
Dan Streetman [Tue, 16 Jan 2024 15:39:06 +0000 (10:39 -0500)]
tpm2: If unsealing results in policy hash mismatch when using RSA pubkey, possibly retry
The commit e3acb4d24c68291376b11bea5787112978e2775f changed how we format a
TPM2B_PUBLIC object from an openssl PEM RSA key if it used the TPM-defined
"default" RSA exponent, to instead set the TPM2B_PUBLIC RSA exponent to the
special-case value of 0. This broke backwards compatibility with
previously-sealed data. The previous commit fixed our code to no longer use the
"special case" exponent value of 0, while this commit adds a fallback check for
any sealed data that used the exponent value of 0. Now unsealing should work
for sealed data that used either method (either 0 or the actual value).
Dan Streetman [Tue, 16 Jan 2024 18:49:45 +0000 (13:49 -0500)]
test: check TPM2B_PUBLIC "name" during PEM->TPM2B_PUBLIC conversion tests
Check the calculated TPM2B_PUBLIC key "name" to verify our PEM->TPM2B_PUBLIC
function remains consistent with previous code. This is important as the
TPM2B_PUBLIC "name" is used in the Authorize policy and so any change to a key
"name" would break unsealing for previously-sealed objects (see bug #30546).
Note that the tpm2_tpm2b_public_from_openssl_pkey() function results in a
TPM2B_PUBLIC with the same "name" as using the tpm2-tools program
tpm2_loadexternal, at least as of tpm2-tools version 5.6.18, with the test keys
from TEST(tpm2b_public_from_openssl_pkey) in src/test/test-tpm2.
Dan Streetman [Tue, 16 Jan 2024 17:26:45 +0000 (12:26 -0500)]
test: verify PEM->TPM2B_PUBLIC conversion for RSA key with non-default exponent
The tpm2 test currently verifies PEM->TPM2B_PUBLIC conversion for an RSA key
with the default exponent (0x10001); this adds verification for an RSA key with
a non-default exponent.
Dan Streetman [Tue, 16 Jan 2024 15:02:47 +0000 (10:02 -0500)]
tpm2: Do not use RSA exponent special-case default value in PEM->TPM2B_PUBLIC conversion
The openssl default value for an RSA key exponent value is 0x10001, and the TPM
specification defines a exponent value of 0 as representing this value. The
systemd code that converted an RSA PEM public key to a TPM2B_PUBLIC object
previously used the exponent value directly, but commit e3acb4d24c68291376b11bea5787112978e2775f changed the conversion to use the
special case exponent value of 0 for any RSA key with an exponent value of
0x10001.
Because the entire TPM2B_PUBLIC object is used to calculate its "name", this
difference in exponent value (0x10001 vs 0) introduced a change in the key
"name". Since the Authorize policy uses the key "name" directly in its policy
session hash value, this change resulted in new systemd code being unable to
properly unseal any data (e.g. a LUKS volume) that was previously sealed.
This reverts the code to no longer override an RSA exponent value of 0x10001
with the special case value of 0.
Yu Watanabe [Tue, 16 Jan 2024 16:04:18 +0000 (01:04 +0900)]
wait-online: several cleanups for LinkOperationalState
- fix memleak in parser,
- fix missing return in parser on failure,
- drop unnecessary temporary argument in command line argument parser,
- use recently introduced macros and helper functions.
Yu Watanabe [Tue, 16 Jan 2024 16:01:32 +0000 (01:01 +0900)]
network: several cleanups for LinkOperationalState
- introduce link_required_operstate_for_online() helper function,
- use recently introduced macros and helper functions,
- unconditionally serialize the minimum and maximum of required
operational state.
A S Alam [Tue, 16 Jan 2024 14:35:41 +0000 (15:35 +0100)]
po: Translated using Weblate (Punjabi)
Currently translated at 32.1% (73 of 227 strings)
Co-authored-by: A S Alam <aalam@users.noreply.translate.fedoraproject.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/pa/
Translation: systemd/main