Otherwise fixfiles will try to relabel it which could potentially
lead to disaster. We also change the recommendation in HACKING.md
to set the default so that TEST-06-SELINUX can override it.
stub: mem fixes in devicetree addon handling (#33624)
* stub: mem fixes in devicetree addon handling
Two bugs here: The elements are of size `DevicetreeAddon`, not `size_t`,
and `[]` binds stronger than `*`. This means the first element is ok,
but the second corrupts the stack.
We switch to PROJECT_VERSION instead of PROJECT_VERSION_FULL where
we report our version and which is likely being parsed to avoid
breaking compat. If we didn't, the output would change from systemd
255 to systemd 255.1 which could break various tools.
If the io.systemd.DynamicUser or io.systemd.Machine files exist,
but nothing is listening on them, the nss-systemd module returns
ECONNREFUSED and systemd-sysusers fails to creat the user/group.
This is problematic when ran by packaging scripts, as the package
assumes that after this has run, the user/group exist and can
be used. adduser does not fail in the same situation.
Change sysusers to print a loud warning but otherwise continue
when NSS returns an error.
The XDG base dir spec adopted ~/.local/state/ as a thing a while back,
and we updated our docs in b4d6bc63e602048188896110a585aa7de1c70c9b, but
forgot to to update the table at the bottom to fully reflect the update.
Fix that.
man: drop version info from file hiearchy man page
This file doesn't document features of systemd, but is more a of a
general description that generalizes/modernizes FHS. As such, the items
listed in it weren't "added" in systemd versions, they simply reflect
general concepts independent of any specific systemd version. hence
let's drop this misleading and confusing version info.
Or in other words, the man page currently claims under "/usr/": "Added
in version 215." – Which of course is rubbish, the directory existed
since time began.
os-util: avoid matching on the wrong extension-release file
The previous commit tries to extract a substring from the
extension-release suffix, but that is not right, it's only the
images that need to be versioned and extracted, use the extension-release
suffix as-is. Otherwise if it happens to contain a prefix that
matches the wrong image, it will be taken into account.
src/boot/efi/meson.build: ensure VERSION_TAG exists in case of cross build
The GIT_VERSION is changed to use VERSION_TAG, but in case of cross build
for src/boot/efi, it's not set, causing build error because the compiler cannot
know it's a macro thus treating it as some variable and error out.
Topi Miettinen [Wed, 26 Jun 2024 19:06:41 +0000 (22:06 +0300)]
load-fragment: allow MountImages= with paths starting with /dev
For MountImages=, if the source is a block device, it will most likely reside
in /dev. It should be also possible to mount a static device file system in
place of (or part of) /dev. So let's allow paths starting with /dev as an
exception for MountImages=.
Let's mention the new way to install the latest changes without
rebuilding the image. Let's also remove the duplicate info about
distribution packages that is already mentioned in its own section.
ukify: bring order of EFI sections in man + --help into same order as spec
Previously, the order was quite chaotic, even sometimes interleaved with
entirely unrelated switches. Let's clean this up and use the same order
as in the spec.
This doesn't change anything real, but I think it's a worthy clean-up in
particular as this order is documented as the PCR measurement order of
these sections, hence there's actually a bit of relevance to always
communicate the same order everywhere.
The patch is originally from Brenton Simpson, I (Lennart) just added some
comments and rebased it.
I didn't test this, but the patch looks so obviously right to me, that
I think we should just merge it, instead of delaying this further. In
the worst case noone notices, in the best case this makes sd-boot work
reasonably nicely on devices that only have a hadware power key + volume
rocker.
* systemd-measure should be used for measuring UKIs on vendor build
systems, i.e. only cover stuff predictable by the OS vendor, and
identical on all systems. And that is pretty much only PCR 11.
* systemd-pcrlock should cover the other PCRs, which carry inherently
local information, and can only be predicted locally and not already
on vendor build systems.
Because of that, let's not bother with any PCRs except for 11 in
systemd-measure. This was added at a time where systemd-pcrlock didn't
exist yet, and hence it wasn't clear how this will play out in the end.
efi: drop "ret_" prefix from "ret_sections[]" parameter
While we write data to this parameter, it's not really a return
parameter, we after all do not fully set it, we just fill in some
fields. Hence it must be initialized beforehand.
According to our coding style only parameters that are purely used for
returning something should be named "ret_xyz", hence this one should not
be.
(We'll later rely on the current behaviour that it leaves array entries
for which we find no sections untouched, hence leave behaviour as is,
just rename the parameters to something more appropriate).
(Since we are dropping the "ret_" prefix of "ret_sections", let's rename
the old "section" parameter at the same time to "section_names", to make
clearer what it is about).
mkosi: Copy packages to the build directory as well
With the latest mkosi, mkosi -t none can be used to rerun the build
script without messing with a previously built image. This allows
one to run "mkosi -t disk -f qemu" in one terminal to build and boot
an image in qemu and then run "mkosi -t none" in another terminal to
rebuild the packages. If one then has "RuntimeBuildSources=yes" set
in their mkosi configuration, the build directory is mounted into the
virtual machine, which means that one can then run "dnf upgrade
/work/build/*.rpm" from within the VM to install the new packages.
This allows for quickly iterating on changes without having to rebuild
the image all the time.
We'll probably want to document this at some point, but let's start
with making it possible by copying the built packages to the build directory.
mkosi: Make sure we don't hide errors from git merge-base
Currently if git merge-base fails we'll hide the error and exit with
exit status 0. Let's make we only exit early if git merge-base exits
with 1 which indicates the current commit is not on the target branch.
Any other error is considered fatal.
Anton Golubev [Wed, 3 Jul 2024 07:42:24 +0000 (10:42 +0300)]
hwdb: Add some HP IR cameras
Two very similar devices, with two functions - a regular camera and IR.
The peculiarity of their infrared camera is that it uses a color image
format (YUYV), although it is essentially black and white.
The IR camera interface differs from the regular camera interface by name:
"HP Wide Vision FHD Camera: HP W" for the regular camera and
"HP Wide Vision FHD Camera: HP I" for an infrared camera
Therefore, glob *I is used to separate the IR camera
* f9fe17dbde Use vmlinux.h from kernel-devel
* 9cbad936a6 Pull in openssl-devel-engine
* 8ae009f929 Only add Requires on python3-zstd on Fedora
* 750e910c7c Drop BuildRequires on python3-zstd
meson: Define __TARGET_ARCH macros required by bpf
These are required by the bpf_tracing.h header in libbpf, see
https://github.com/libbpf/libbpf/blob/master/src/bpf_tracing.h.
bpf_tracing.h does have a few fallbacks in case __TARGET_ARCH_XXX
is not defined but recommends using the __TARGET_ARCH macros instead
so let's do that.
coredump: correctly take tmpfs size into account for compression
We calculate the amount of uncompressed data we can write by taking the limits
into account and halving it to ensure there's room for switching to compression
on the fly when storing cores on a tmpfs (eg: due read-only rootfs).
But the logic is flawed, as taking into account the size of the tmpfs storage
was applied after the halving, so in practice when an uncompressed core file
was larger than the tmpfs, we fill it and then fail.
Rearrange the logic so that the halving is done after taking into account
the tmpfs size.
These functions after all write EFI UTF-16 strings, i.e. are relatively
high-level, hence give them a specific name indicating the type, to
match our other helpers that have similar type suffixes.
Daniel Rusek [Thu, 6 Jun 2024 21:44:38 +0000 (23:44 +0200)]
test: split the resolved test suite into separate test cases
Although being far from ideal and the first two test cases have to be run
before the setup phase otherwise they will fail, it still makes the test
suite look much better and easier to read
This addresses an issued introduced by 278e815bfa3e4c2e3914e00121c37fc844cb2025, which dropped the a dependency
from user@.service systemd-user-sessions.service without replacement.
While dropping that dependency does make sense, it should have been
replaced with the weaker dependency on systemd-logind.service, hence fix
that now.
user@.service is after all a logind concept, hence logind really should
be around for its lifetime.
systemd-user-sessions.service is a later milestone that only really
should apply to regular users (not root), hence it's too strong a
requirement.
Daan De Meyer [Fri, 28 Jun 2024 18:12:51 +0000 (20:12 +0200)]
Use read_full_file_full() in read_smbios11_field()
read_virtual_file() will only read up to page size bytes of data
from /sys/firmware/dmi/entries/.../raw so let's use read_full_file_full()
instead to make sure we read all data.
This should be safe since smbios11 data can be considered immutable
during the lifetime of the system.
Various of our tools operate on block devices, and it's not always
obvious to know which block devices are actually appropriate for use.
Hence, let's add a helper that allows to list block devices, and
supports some limited filtering.
projects / thirdparty / systemd.git / log
