Based on a report from Fossies.org using Codespell.
Followup to #15436
space if there are multiple devices with the highest priority.
* /etc/crypttab support has learnt a new keyfile-timeout= per-device
- option that permits selecting the timout how long to wait for a
+ option that permits selecting the timeout how long to wait for a
device with an encryption key before asking for the password.
* IOWeight= has learnt to properly set the IO weight when using the
that is removed when the container dies. Specifically, if the source
directory is specified as empty string this mechanism is selected. An
example usage is --overlay=+/var::/var, which creates an overlay
- mount based on the original /var contained in the image, overlayed
+ mount based on the original /var contained in the image, overlaid
with a temporary directory in the host's /var/tmp. This way changes
to /var are automatically flushed when the container shuts down.
* Calendar time specifications in .timer units now also
understand the strings "semi-annually", "quarterly" and
"minutely" as shortcuts (in addition to the preexisting
- "anually", "hourly", ...).
+ "annually", "hourly", ...).
* systemd-tmpfiles will now correctly create files in /dev
at boot which are marked for creation only at boot. It is
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
-* homed/userdb: distuingish passwords and recovery keys in the records, since
+* homed/userdb: distinguish passwords and recovery keys in the records, since
we probably want to use different PBKDF algorithms/settings for them:
passwords have low entropy but recovery keys should have good entropy key
hence we can make them quicker to work.
systemd-makefs.service instead.
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
- with matches, then actviate app thorugh that passing socket oveer
+ with matches, then activate app through that passing socket over
* unify on openssl:
- port sd_id128_get_machine_app_specific() over from khash
that the device paths stay the same, regardless if crypto is used or not.
* systemd-repart: by default generate minimized partition tables (i.e. tables
- that only covere the space actually used, excluding any free space at the
+ that only cover the space actually used, excluding any free space at the
end), in order to maximize dd'ability. Requires libfdisk work, see
https://github.com/karelzak/util-linux/issues/907
-* systemd-repart: optionally, allow specifiying a path to initialize new
+* systemd-repart: optionally, allow specifying a path to initialize new
partitions from, i.e. an fs image file or a source device node. This would
then turn systemd-repart into a simple installer: with a few .repart files
you could replicate the host system on another device. a full installer would
systemd --user is shut down.
- logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service
- maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine)
- - distuingish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
+ - distinguish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
- in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work
- fingerprint authentication, pattern authentication, …
- make sure "classic" user records can also be managed by homed
this specification. This specification only defines semantics of the `/loader/`
directory inside the file system (see below), but it doesn't intend to define
ownership of the whole file system exclusively. Boot loaders, firmware, and
-other software implementating this specification may choose to place other
+other software implementing this specification may choose to place other
files and directories in the same file system. For example, boot loaders that
implement this specification might install their own boot code into the `$BOOT`
partition. On systems where `$BOOT` is the ESP this is a particularly common
applications.
This could e.g. mean reserving memory to session processes,
preferentially killing background tasks in out-of-memory situations
-or assinging different memory/CPU/IO priorities to ensure that the session
+or assigning different memory/CPU/IO priorities to ensure that the session
runs smoothly under load.
TODO: Will there be a default to place units into e.g. `apps.slice` by default
this is a bind mount, in case of `cifs` this is a CIFS network mount, and in
case of the LUKS2 backend a regular block device mount of the file system
contained in the LUKS2 image. By requiring a mount for all cases (even for
-those that already are a directory) a clear logic is defined to distuingish
+those that already are a directory) a clear logic is defined to distinguish
active and inactive home directories, so that the directories become
inaccessible under their regular path the instant they are
deactivated. Moreover, the `nosuid`, `nodev` and `noexec` flags configured in
2. `io.systemd.Multiplexer` → This service multiplexes client queries to all
other running services. It's supposed to simplify client development: in
order to look up or enumerate user/group records it's sufficient to talk to
- one service instead of all of them in parallel. Note that it is not availabe
+ one service instead of all of them in parallel. Note that it is not available
during earliest boot and final shutdown phases, hence for programs running
in that context it is preferable to implement the parallel lookup
themselves.
today) that uses it to separate user and group names in the command's
parameter: without consulting the user/group databases it is not possible to
determine if a `chown` invocation would change just the owning user or both the
-owning user and group. It also allows embeddeding `@` (which is confusing to
+owning user and group. It also allows embedding `@` (which is confusing to
MTAs).
## Common Core
user units. For non-graphical sessions, <filename>default.target</filename> is used. Whenever the user
logs into a graphical session, the login manager will start the
<filename>graphical-session.target</filename> target that is used to pull in units required for the
- grahpical session. A number of targets (shown on the right side) are started when specific hardware is
+ graphical session. A number of targets (shown on the right side) are started when specific hardware is
available to the user.</para>
<programlisting>
<listitem><para>An individual LUKS2 encrypted loopback file for a user, stored in
<filename>/home/*.home</filename>. At login the file system contained in this files is mounted, after
the LUKS2 encrypted volume has been attached. The user's password is identical to the encryption
- passphrase of the LUKS2 volume. Access to data without preceeding user authentication is thus not
+ passphrase of the LUKS2 volume. Access to data without preceding user authentication is thus not
possible, even for the system administrator. This storage mechanism provides the strongest data
security and is thus recommended.</para></listitem>
matching the user in name and numeric UID/GID. Thus any groups listed here must be registered
independently, for example with <citerefentry
project='man-pages'><refentrytitle>groupadd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. If
- non-existant groups that are listed there are ignored. This option may be used more than once, in
+ non-existent groups that are listed there are ignored. This option may be used more than once, in
which case all specified group lists are combined.</para></listitem>
</varlistentry>
project='man-pages'><refentrytitle>su</refentrytitle><manvolnum>1</manvolnum></citerefentry> or a
similar tool. Use <option>--rlimit=LIMIT_NPROC=</option> to place a limit on the tasks actually
running under the UID of the user, thus excluding any child processes that might have changed user
- identity. This controls the <varname>TasksMax=</varname> settting of the per-user systemd slice unit
+ identity. This controls the <varname>TasksMax=</varname> setting of the per-user systemd slice unit
<filename>user-$UID.slice</filename>. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for further details.</para></listitem>
<varlistentry>
<term><command>passwd</command> <replaceable>USER</replaceable></term>
- <listitem><para>Change the password of the specified home direcory/user account.</para></listitem>
+ <listitem><para>Change the password of the specified home directory/user account.</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><option>--case-sensitive<optional>=BOOLEAN</optional></option></term>
- <listitem><para>Make pattern matching case sensitive or case insenstive.</para>
+ <listitem><para>Make pattern matching case sensitive or case insensitive.</para>
</listitem>
</varlistentry>
<para>Turning this option on by default is highly recommended for all sessions, but only if the
service managing these sessions correctly implements the aforementioned re-authentication. Note that
- the re-authentication must take place from a component runing outside of the user's context, so that
+ the re-authentication must take place from a component running outside of the user's context, so that
it does not require access to the user's home directory for operation. Traditionally, most desktop
environments do not implement screen locking this way, and need to be updated
accordingly.</para></listitem>
<listitem><para>When set to <literal>1</literal>, this device automatically
generates a new and independent seat, which is named after the path of the
- device. This is set for specialized USB hubs like the Plugable devices, which when
+ device. This is set for specialized USB hubs like the Pluggable devices, which when
plugged in should create a hotplug seat without further configuration.</para>
</listitem>
</varlistentry>
<refsect1>
<title>Return Value</title>
- <para>On success, theis functions return 0 or a positive integer. On failure, it returns a
+ <para>On success, this functions return 0 or a positive integer. On failure, it returns a
negative errno-style error code.</para>
<refsect2>
<para>The <function>SD_HWDB_FOREACH_PROPERTY</function> macro combines
<function>sd_hwdb_seek()</function> and <function>sd_hwdb_enumerate()</function>. No error handling is
- performed and interation simply stops on error. See the example below.</para>
+ performed and iteration simply stops on error. See the example below.</para>
</refsect1>
<refsect1>
file. This function caches the machine ID internally to make retrieving the machine ID a cheap operation. This ID
may be used wherever a unique identifier for the local system is needed. However, it is recommended to use this ID
as-is only in trusted environments. In untrusted environments it is recommended to derive an application specific
- ID from this machine ID, in an irreversable (cryptographically secure) way. To make this easy
+ ID from this machine ID, in an irreversible (cryptographically secure) way. To make this easy
<function>sd_id128_get_machine_app_specific()</function> is provided, see below.</para>
<para><function>sd_id128_get_machine_app_specific()</function> is similar to
points of the file system namespace created for each process of this unit. Other file system namespacing unit
settings (see the discussion in <varname>PrivateMounts=</varname> above) will implicitly disable mount and
unmount propagation from the unit's processes towards the host by changing the propagation setting of all mount
- points in the unit's file system namepace to <option>slave</option> first. Setting this option to
+ points in the unit's file system namespace to <option>slave</option> first. Setting this option to
<option>shared</option> does not reestablish propagation in that case.</para>
<para>If not set – but file system namespaces are enabled through another file system namespace unit setting –
trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no
routers are found on the link. The default is to disable RA reception for bridge devices or when IP
forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
- local adressing is disabled.</para>
+ local addressing is disabled.</para>
<para>Further settings for the IPv6 RA support may be configured in the
<literal>[IPv6AcceptRA]</literal> section, see below.</para>
<varlistentry>
<term><varname>SendDecline=</varname></term>
<listitem>
- <para>A boolen. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
+ <para>A boolean. When <literal>true</literal>, DHCPv4 clients receives IP address from DHCP server.
After new IP is received, DHCPv4 performs IPv4 Duplicate Address Detection. If duplicate use of IP is detected
the DHCPv4 client rejects the IP by sending a DHCPDECLINE packet DHCP clients try to obtain an IP address again.
See <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
option is used without <varname>RemainAfterExit=</varname> the service will never enter
<literal>active</literal> unit state, but directly transition from <literal>activating</literal>
to <literal>deactivating</literal> or <literal>dead</literal> since no process is configured that
- shall run continously. In particular this means that after a service of this type ran (and which
+ shall run continuously. In particular this means that after a service of this type ran (and which
has <varname>RemainAfterExit=</varname> not set) it will not show up as started afterwards, but
as dead.</para></listitem>
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
the start time to be extended beyond <varname>TimeoutStartSec=</varname>. The first receipt of this message
- must occur before <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has exended beyond
+ must occur before <varname>TimeoutStartSec=</varname> is exceeded, and once the start time has extended beyond
<varname>TimeoutStartSec=</varname>, the service manager will allow the service to continue to start, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
startup status is finished by <literal>READY=1</literal>. (see
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
the stop time to be extended beyond <varname>TimeoutStopSec=</varname>. The first receipt of this message
- must occur before <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has exended beyond
+ must occur before <varname>TimeoutStopSec=</varname> is exceeded, and once the stop time has extended beyond
<varname>TimeoutStopSec=</varname>, the service manager will allow the service to continue to stop, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
<para>If a service of <varname>Type=notify</varname> handles <constant>SIGABRT</constant> itself (instead of relying
on the kernel to write a core dump) it can send <literal>EXTEND_TIMEOUT_USEC=…</literal> to
extended the abort time beyond <varname>TimeoutAbortSec=</varname>. The first receipt of this message
- must occur before <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has exended beyond
+ must occur before <varname>TimeoutAbortSec=</varname> is exceeded, and once the abort time has extended beyond
<varname>TimeoutAbortSec=</varname>, the service manager will allow the service to continue to abort, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified, or terminates itself
(see <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
<para>If a service of <varname>Type=notify</varname> sends <literal>EXTEND_TIMEOUT_USEC=…</literal>, this may cause
the runtime to be extended beyond <varname>RuntimeMaxSec=</varname>. The first receipt of this message
- must occur before <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has exended beyond
+ must occur before <varname>RuntimeMaxSec=</varname> is exceeded, and once the runtime has extended beyond
<varname>RuntimeMaxSec=</varname>, the service manager will allow the service to continue to run, provided
the service repeats <literal>EXTEND_TIMEOUT_USEC=…</literal> within the interval specified until the service
shutdown is achieved by <literal>STOPPING=1</literal> (or termination). (see
-# Make sure noone can read the files we generate but us
+# Make sure no one can read the files we generate but us
umask 077
# Destroy any old key on the Yubikey (careful!)
rm pubkey.pem
# Test: Let's run systemd-cryptsetup to test if this all worked. The option string should contain the full
-# PKCS#11 URI we have in the clipboard, it tells the tool how to decypher the encrypted LUKS key.
+# PKCS#11 URI we have in the clipboard, it tells the tool how to decipher the encrypted LUKS key.
sudo systemd-cryptsetup attach mytest /dev/sdXn /etc/encrypted-luks-key.bin 'pkcs11-uri=pkcs11:…'
# If that worked, let's now add the same line persistently to /etc/crypttab, for the future.
}
new_factor = factor * 10;
- if (new_factor < factor) /* overflow chck */
+ if (new_factor < factor) /* overflow check */
return;
factor = new_factor;
/* Send to all direct buses, unconditionally */
SET_FOREACH(b, m->private_buses, i) {
- /* Don't bother with enqueing these messages to clients that haven't started yet */
+ /* Don't bother with enqueuing these messages to clients that haven't started yet */
if (sd_bus_is_ready(b) <= 0)
continue;
assert(n_bind_mounts == 0 || bind_mounts);
/* Checks whether we need to insist on fs namespacing. i.e. whether we have settings configured that
- * would alter the view on the file system beyond making things read-only or invisble, i.e. would
+ * would alter the view on the file system beyond making things read-only or invisible, i.e. would
* rearrange stuff in a way we cannot ignore gracefully. */
if (context->n_temporary_filesystems > 0)
case JOB_START:
case JOB_NOP:
/* Note that we don't check unit_can_start() here. That's because .device units and suchlike are not
- * startable by us but may appear due to external events, and it thus makes sense to permit enqueing
+ * startable by us but may appear due to external events, and it thus makes sense to permit enqueuing
* jobs for it. */
return true;
case JOB_STOP:
/* Similar as above. However, perpetual units can never be stopped (neither explicitly nor due to
- * external events), hence it makes no sense to permit enqueing such a request either. */
+ * external events), hence it makes no sense to permit enqueuing such a request either. */
return !u->perpetual;
case JOB_RESTART:
r = user_record_test_password_change_required(h->record);
if (IN_SET(r, -EKEYREVOKED, -EOWNERDEAD, -EKEYEXPIRED))
- return 0; /* expired in some form, but chaning is allowed */
+ return 0; /* expired in some form, but changing is allowed */
if (IN_SET(r, -EKEYREJECTED, -EROFS))
return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Expiration settings of account %s do not allow changing of password.", h->user_name);
if (r < 0)
" -p --priority=RANGE Show entries with the specified priority\n"
" --facility=FACILITY... Show entries with the specified facilities\n"
" -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
- " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
+ " --case-sensitive[=BOOL] Force case sensitive or insensitive matching\n"
" -e --pager-end Immediately jump to the end in the pager\n"
" -f --follow Follow the journal\n"
" -n --lines[=INTEGER] Number of journal entries to show\n"
default:
return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
- "Uknown DHCP lease info item %d.", what);
+ "Unknown DHCP lease info item %d.", what);
}
}
default:
return log_debug_errno(SYNTHETIC_ERRNO(ENXIO),
- "Uknown DHCP lease info item %d.", what);
+ "Unknown DHCP lease info item %d.", what);
}
if (*n_a == n_addresses &&
assert(udev->n_ref > 0);
udev->n_ref--;
if (udev->n_ref > 0)
- /* This is different from our convetion, but let's keep backward
+ /* This is different from our convention, but let's keep backward
* compatibility. So, do not use DEFINE_PUBLIC_TRIVIAL_UNREF_FUNC()
* macro to define this function. */
return udev;
break;
default:
- assert_not_reached("Uknown DHCP lease info item");
+ assert_not_reached("Unknown DHCP lease info item");
}
char **a;
* cgrouspv1 crap: kernel, kernelTCP, swapiness, disableOOMKiller, swap, devices, leafWeight
* general: it shouldn't leak lower level abstractions this obviously
* unmanagable cgroups stuff: realtimeRuntime/realtimePeriod
- * needs to say what happense when some option is not specified, i.e. which defautls apply
+ * needs to say what happense when some option is not specified, i.e. which defaults apply
* no architecture? no personality?
* seccomp example and logic is simply broken: there's no constant "SCMP_ACT_ERRNO".
* spec should say what to do with unknown props
* operation). If it isn't we first make it one. Afterwards we apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to
* all submounts we can access, too. When mounts are stacked on the same mount point we only care for each
* individual "top-level" mount on each point, as we cannot influence/access the underlying mounts anyway. We
- * do not have any effect on future submounts that might get propagated, they migt be writable. This includes
+ * do not have any effect on future submounts that might get propagated, they might be writable. This includes
* future submounts that have been triggered via autofs.
*
* If the "blacklist" parameter is specified it may contain a list of subtrees to exclude from the
if (v->state == VARLINK_DISCONNECTED)
return -ENOTCONN;
- /* We allow enqueing multiple method calls at once! */
+ /* We allow enqueuing multiple method calls at once! */
if (!IN_SET(v->state, VARLINK_IDLE_CLIENT, VARLINK_AWAITING_REPLY))
return -EBUSY;
if (!timestamp_is_set(watchdog_timeout))
return USEC_INFINITY;
- /* Sleep half the watchdog timeout since the last succesful ping at most */
+ /* Sleep half the watchdog timeout since the last successful ping at most */
if (timestamp_is_set(watchdog_last_ping)) {
ntime = now(clock_boottime_or_monotonic());
assert(ntime >= watchdog_last_ping);
_SD_BEGIN_DECLARATIONS;
-/* Neightbor Discovery Options, RFC 4861, Section 4.6 and
+/* Neighbor Discovery Options, RFC 4861, Section 4.6 and
* https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5 */
enum {
SD_NDISC_OPTION_SOURCE_LL_ADDRESS = 1,
log_info("/* %s */", __func__);
assert_se(putenv((char*) "SYSTEMD_PROC_CMDLINE=foo_bar=quux wuff-piep=tuet zumm some_arg_with_space='foo bar' and_one_more=\"zzz aaa\"") == 0);
- assert_se(putenv((char*) "SYSTEMD_EFI_OPTIONS=differnt") == 0);
+ assert_se(putenv((char*) "SYSTEMD_EFI_OPTIONS=different") == 0);
/* First test if the overrides for /proc/cmdline still work */
_cleanup_free_ char *line = NULL, *value = NULL;
#!/usr/bin/env bash
set -e
-TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over proccesses with ExecStopPost="
+TEST_DESCRIPTION="Test that KillMode=mixed does not leave left over processes with ExecStopPost="
. $TEST_BASE_DIR/test-functions
do_test "$@" 47
! test -f /var/lib/machines/scratch4
! machinectl image-status scratch4
-# Test import-tar hypen/stdin pipe behavior
+# Test import-tar hyphen/stdin pipe behavior
cat /var/tmp/scratch.tar.gz | machinectl import-tar - scratch5
test -d /var/lib/machines/scratch5
machinectl image-status scratch5
diff -r /var/tmp/scratch/ /var/lib/machines/scratch5
-# Test export-tar hypen/stdout pipe behavior
+# Test export-tar hyphen/stdout pipe behavior
mkdir -p /var/tmp/extract
machinectl export-tar scratch5 - | tar xvf - -C /var/tmp/extract/
diff -r /var/tmp/scratch/ /var/tmp/extract/
<refsect1>
<title>D-Bus interfaces</title>
- <para>Interaces exposed over D-Bus.</para>
+ <para>Interfaces exposed over D-Bus.</para>
<variablelist id='dbus-interface' />
</refsect1>
subst_output(xml, pl)
out_text = etree.tostring(xml, encoding='unicode')
- # massage format to avoid some lxml whitespace handling idiosyncracies
+ # massage format to avoid some lxml whitespace handling idiosyncrasies
# https://bugs.launchpad.net/lxml/+bug/526799
out_text = (src[:src.find('<refentryinfo')] +
out_text[out_text.find('<refentryinfo'):] +
FUZZIT_BRANCH="PR-${TRAVIS_PULL_REQUEST}"
fi
-# Because we want Fuzzit to run on every pull-request and Travis/Azure doesnt support encrypted keys
+# Because we want Fuzzit to run on every pull-request and Travis/Azure doesn't support encrypted keys
# on pull-request we use a write-only key which is ok for now. maybe there will be a better solution in the future
export FUZZIT_API_KEY=af6992074353998676713818cc6435ef4a750439932dab58b51e9354d6742c54d740a3cd9fc1fc001db82f51734a24bc
FUZZIT_ADDITIONAL_FILES="./out/src/shared/libsystemd-shared-*.so"
projects / thirdparty / systemd.git / commitdiff
