4 days agobootspec: fix build when EFI support is disabled master
Yu Watanabe [Sat, 13 Apr 2019 17:58:10 +0000 (02:58 +0900)]
bootspec: fix build when EFI support is disabled

Follow-up for ce4c4f810876b2d6e50041c8bbe089e8a9e2576e.

5 days agolinux: import if_ether.h from kernel-5.0
Yu Watanabe [Mon, 15 Apr 2019 16:57:23 +0000 (01:57 +0900)]
linux: import if_ether.h from kernel-5.0

kernel-4.15's if_ether.h has a bug that the header does not provide
'struct ethhdr'. The bug is introduced by
6926e041a8920c8ec27e4e155efa760aa01551fd (4.15-rc8)
and fixed by da360299b6734135a5f66d7db458dcc7801c826a (4.16-rc3).

This makes systemd built with kernel-4.15 headers.

Fixes #12319.

5 days agohwdb: Add Medion Akoya E3216 MD60900 (#12323)
David Art [Tue, 16 Apr 2019 08:23:28 +0000 (10:23 +0200)]
hwdb: Add Medion Akoya E3216 MD60900 (#12323)

Fixes: #12312

6 days agoMerge pull request #12305 from yuwata/import-more-headers-from-kernel-5-0
Lennart Poettering [Mon, 15 Apr 2019 09:33:06 +0000 (11:33 +0200)]
Merge pull request #12305 from yuwata/import-more-headers-from-kernel-5-0

linux: import more headers from kernel-5.0

6 days agoMerge pull request #12301 from keszybz/silence-alignment-warning
Lennart Poettering [Mon, 15 Apr 2019 09:21:15 +0000 (11:21 +0200)]
Merge pull request #12301 from keszybz/silence-alignment-warning

Silence alignment warning

6 days agoMerge pull request #12311 from yuwata/timeout_abort_set-change-bool
Lennart Poettering [Mon, 15 Apr 2019 09:14:18 +0000 (11:14 +0200)]
Merge pull request #12311 from yuwata/timeout_abort_set-change-bool

core: several follow-ups for timeout PR #11211

6 days agoCheck for final assignments in RUN keys (#12309)
Florian Dollinger [Mon, 15 Apr 2019 06:59:36 +0000 (08:59 +0200)]
Check for final assignments in RUN keys (#12309)

As described in #12291

6 days agobasic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag is used
Benjamin Robin [Sun, 14 Apr 2019 15:21:27 +0000 (17:21 +0200)]
basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag is used

The memory leak introduced in #12223 (15f8f02)

7 days agoDocument (final) assignment on the RUN (#12310)
Florian Dollinger [Sun, 14 Apr 2019 12:26:39 +0000 (14:26 +0200)]
Document (final) assignment on the RUN (#12310)

As described in #12291, final assignments and assignments are clearing both command types.

7 days agocore: do not show TimeoutStopSec= in dump message if it is not set 12311/head
Yu Watanabe [Sun, 14 Apr 2019 11:47:13 +0000 (20:47 +0900)]
core: do not show TimeoutStopSec= in dump message if it is not set

7 days agocore: add assertion in two inline functions
Yu Watanabe [Sun, 14 Apr 2019 11:46:24 +0000 (20:46 +0900)]
core: add assertion in two inline functions

7 days agocore: use BUS_DEFINE_PROPERTY_GET() macro at more places
Yu Watanabe [Sun, 14 Apr 2019 11:45:31 +0000 (20:45 +0900)]
core: use BUS_DEFINE_PROPERTY_GET() macro at more places

7 days agocore: change type of Service::timeout_abort_set to bool
Yu Watanabe [Sun, 14 Apr 2019 11:13:40 +0000 (20:13 +0900)]
core: change type of Service::timeout_abort_set to bool

Follow-up for dc653bf487bae9d1ddf794442bf4176fee173b41 (#11211).

8 days agolinux: also import l2tp.h from kernel-5.0 12305/head
Yu Watanabe [Sat, 13 Apr 2019 09:35:15 +0000 (18:35 +0900)]
linux: also import l2tp.h from kernel-5.0

The L2TP_ATTR_UDP_ZERO_CSUM6_{TX,RX} attributes are introduced by
6b649feafe10b293f4bd5a74aca95faf625ae525, which is included in
kernel-3.16. To support older kernel, let's import the header.

Fixes #12300.

8 days agolinux: also import linux/in.h and in6.h from kernel-5.0
Yu Watanabe [Sat, 13 Apr 2019 09:46:40 +0000 (18:46 +0900)]
linux: also import linux/in.h and in6.h from kernel-5.0

Now linux/in.h has better conflict detection with glibc's
netinet/in.h. So, let's import the headers.

Note that our code already have many workarounds for the conflict,
but in this commit does not drop them. Let's do that in the later
commits if this really helps.

8 days agolinux: move netdevice.h from shared/linux to basic/linux
Yu Watanabe [Sat, 13 Apr 2019 09:33:34 +0000 (18:33 +0900)]
linux: move netdevice.h from shared/linux to basic/linux

As the header linux/if_arp.h includes linux/netdevice.h.

8 days agoMerge pull request #12288 from yuwata/resolve-bond-rafactoring
Yu Watanabe [Sat, 13 Apr 2019 13:43:21 +0000 (22:43 +0900)]
Merge pull request #12288 from yuwata/resolve-bond-rafactoring

resolve,network: tiny cleanups

8 days agotmpfiles: split tmp.conf out
Franck Bui [Fri, 12 Apr 2019 12:45:53 +0000 (14:45 +0200)]
tmpfiles: split tmp.conf out

tmp.conf was dealing with 2 different kind of paths: one dealing with general
temporary paths such as /var/tmp and /tmp and the other one dealing with
temporary directories owned by systemd.

If for example a user wants to adjust the age argument of the general paths
only, he had to overload the whole file which is cumbersome and error prone
since any future changes in tmp.conf shipped by systemd will be lost.

So this patch splits out tmp.conf so the systemd directories are dealt
separately in a dedicated conf file. It's named "systemd-tmp.conf" based on the
naming recommendation made in tmpfiles.d man page.

In practice it shouldn't cause any regression since it's very unlikely that
users override paths owned by systemd.

8 days agonspawn: Fix volatile SELinux label
Dominick Grift [Fri, 12 Apr 2019 18:15:35 +0000 (20:15 +0200)]
nspawn: Fix volatile SELinux label

nspawn should associate the specified nspawn container apifs object label instead of the nspawn container process label with the volatile tmpfs

8 days agosd-netlink: align table 12301/head
Zbigniew Jędrzejewski-Szmek [Sat, 13 Apr 2019 09:57:42 +0000 (11:57 +0200)]
sd-netlink: align table

8 days agonetwork: avoid warning about unaligned pointers
Zbigniew Jędrzejewski-Szmek [Sat, 13 Apr 2019 09:47:47 +0000 (11:47 +0200)]
network: avoid warning about unaligned pointers

With gcc-9.0.1-0.10.fc30.x86_64:
../src/network/netdev/macsec.c: In function ‘config_parse_macsec_port’:
../src/network/netdev/macsec.c:584:24: warning: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Waddress-of-packed-member]
  584 |                 dest = &c->sci.port;
      |                        ^~~~~~~~~~~~
../src/network/netdev/macsec.c:592:24: warning: taking address of packed member of ‘struct <anonymous>’ may result in an unaligned pointer value [-Waddress-of-packed-member]
  592 |                 dest = &b->sci.port;
      |                        ^~~~~~~~~~~~

(The alignment was probably OK, but it's nicer to avoid the warning anyway.)

8 days agoMerge pull request #12296 from poettering/coding-style-sections
Yu Watanabe [Sat, 13 Apr 2019 09:23:13 +0000 (18:23 +0900)]
Merge pull request #12296 from poettering/coding-style-sections

split CODING_STYLE document into multiple thematic sections

8 days agoMerge pull request #12290 from poettering/json-foreach-love
Yu Watanabe [Sat, 13 Apr 2019 09:19:38 +0000 (18:19 +0900)]
Merge pull request #12290 from poettering/json-foreach-love

some small JSON foreach macro love

8 days agoMerge pull request #12293 from poettering/tiny-journal-modernizations
Yu Watanabe [Sat, 13 Apr 2019 09:19:15 +0000 (18:19 +0900)]
Merge pull request #12293 from poettering/tiny-journal-modernizations

four simple journal modernizations

8 days agonetwork: re-indent conf parser and wrap long lines in bond.c 12288/head
Yu Watanabe [Fri, 12 Apr 2019 05:15:29 +0000 (14:15 +0900)]
network: re-indent conf parser and wrap long lines in bond.c

8 days agonetwork: use OrderedSet for bond ARP ip targets
Yu Watanabe [Fri, 12 Apr 2019 05:14:19 +0000 (14:14 +0900)]
network: use OrderedSet for bond ARP ip targets

8 days agoordered-set: add missing ordered_set_size()
Yu Watanabe [Fri, 12 Apr 2019 05:13:17 +0000 (14:13 +0900)]
ordered-set: add missing ordered_set_size()

8 days agonetwork: drop allocation for Bond::ad_actor_system
Yu Watanabe [Fri, 12 Apr 2019 04:37:02 +0000 (13:37 +0900)]
network: drop allocation for Bond::ad_actor_system

8 days agonetwork: drop bond_mode_to_kernel() and bond_xmit_hash_policy_to_kernel()
Yu Watanabe [Fri, 12 Apr 2019 04:29:46 +0000 (13:29 +0900)]
network: drop bond_mode_to_kernel() and bond_xmit_hash_policy_to_kernel()

8 days agoarp-util: use net/ethernet.h instead of netinet/if_ether.h
Yu Watanabe [Thu, 11 Apr 2019 05:36:18 +0000 (14:36 +0900)]
arp-util: use net/ethernet.h instead of netinet/if_ether.h

The header net/ethernet.h is used at all other places where
'struct ether_addr' is required.

8 days agoresolve: use log_link_*() macro
Yu Watanabe [Thu, 11 Apr 2019 05:16:51 +0000 (14:16 +0900)]
resolve: use log_link_*() macro

8 days agoresolve: rename -> Link.ifname
Yu Watanabe [Thu, 11 Apr 2019 05:08:40 +0000 (14:08 +0900)]
resolve: rename -> Link.ifname

This also changes the type from char[IF_NAMESIZE] to char*.
By changing the type, now resolved-link.h can drop the dependency to
the header net/if.h.

9 days agoservice: handle abort stops with dedicated timeout
Jan Klötzke [Wed, 29 Nov 2017 06:43:44 +0000 (07:43 +0100)]
service: handle abort stops with dedicated timeout

When shooting down a service with SIGABRT the user might want to have a
much longer stop timeout than on regular stops/shutdowns. Especially in
the face of short stop timeouts the time might not be sufficient to
write huge core dumps before the service is killed.

This commit adds a dedicated (Default)TimeoutAbortSec= timer that is
used when stopping a service via SIGABRT. In all other cases the
existing TimeoutStopSec= is used. The timer value is unset by default
to skip the special handling and use TimeoutStopSec= for state
'stop-watchdog' to keep the old behaviour.

If the service is in state 'stop-watchdog' and the service should be
stopped explicitly we still go to 'stop-sigterm' and re-apply the usual
TimeoutStopSec= timeout.

9 days agocode style format: clang-format applied to src/a*/*
Sebastian Jennen [Sat, 23 Feb 2019 16:26:25 +0000 (17:26 +0100)]
code style format: clang-format applied to src/a*/*

[zj: this is a subset of changes generated by clang-format, just the ones
  I think improve readability or consistency.]

This is a part of

9 days agocgroup: Implement default propagation of MemoryLow with DefaultMemoryLow
Chris Down [Thu, 28 Mar 2019 12:50:50 +0000 (12:50 +0000)]
cgroup: Implement default propagation of MemoryLow with DefaultMemoryLow

In cgroup v2 we have protection tunables -- currently MemoryLow and
MemoryMin (there will be more in future for other resources, too). The
design of these protection tunables requires not only intermediate
cgroups to propagate protections, but also the units at the leaf of that
resource's operation to accept it (by setting MemoryLow or MemoryMin).

This makes sense from an low-level API design perspective, but it's a
good idea to also have a higher-level abstraction that can, by default,
propagate these resources to children recursively. In this patch, this
happens by having descendants set memory.low to N if their ancestor has
DefaultMemoryLow=N -- assuming they don't set a separate MemoryLow

Any affected unit can opt out of this propagation by manually setting
`MemoryLow` to some value in its unit configuration. A unit can also
stop further propagation by setting `DefaultMemoryLow=` with no
argument. This removes further propagation in the subtree, but has no
effect on the unit itself (for that, use `MemoryLow=0`).

Our use case in production is simplifying the configuration of machines
which heavily rely on memory protection tunables, but currently require
tweaking a huge number of unit files to make that a reality. This
directive makes that significantly less fragile, and decreases the risk
of misconfiguration.

After this patch is merged, I will implement DefaultMemoryMin= using the
same principles.

9 days agoCODING_STYLE: rename "Others" section to "Code Organization and Semantics" 12296/head
Lennart Poettering [Fri, 12 Apr 2019 15:01:05 +0000 (17:01 +0200)]
CODING_STYLE: rename "Others" section to "Code Organization and Semantics"

This is a bit of a grabbag, but it's the best I could come up with
without having lots of single-item sections.

9 days agoCODING_STYLE: split out section about runtime behaviour
Lennart Poettering [Fri, 12 Apr 2019 14:58:46 +0000 (16:58 +0200)]
CODING_STYLE: split out section about runtime behaviour

9 days agoCODING_STYLE: add section about C constructs use
Lennart Poettering [Fri, 12 Apr 2019 14:53:27 +0000 (16:53 +0200)]
CODING_STYLE: add section about C constructs use

9 days agoCODING_STYLE: split out section about deadlocks
Lennart Poettering [Fri, 12 Apr 2019 14:50:24 +0000 (16:50 +0200)]
CODING_STYLE: split out section about deadlocks

9 days agoCODING_STYLE: split out section about logging
Lennart Poettering [Fri, 12 Apr 2019 14:49:02 +0000 (16:49 +0200)]
CODING_STYLE: split out section about logging

9 days agoCODING_STYLE: export section about exporting symbols
Lennart Poettering [Fri, 12 Apr 2019 14:45:03 +0000 (16:45 +0200)]
CODING_STYLE: export section about exporting symbols

9 days agoCODING_STYLE: split out section about destructors
Lennart Poettering [Fri, 12 Apr 2019 14:42:44 +0000 (16:42 +0200)]
CODING_STYLE: split out section about destructors

9 days agoCODING_STYLE: split out section about command line parsing
Lennart Poettering [Fri, 12 Apr 2019 14:40:34 +0000 (16:40 +0200)]
CODING_STYLE: split out section about command line parsing

9 days agoCODING_STYLE: Split out section about error handling
Lennart Poettering [Fri, 12 Apr 2019 14:38:14 +0000 (16:38 +0200)]
CODING_STYLE: Split out section about error handling

9 days agoCODING_STYLE: split out section about commiting to git
Lennart Poettering [Fri, 12 Apr 2019 14:35:17 +0000 (16:35 +0200)]
CODING_STYLE: split out section about commiting to git

9 days agoCODING_STYLE: split out section about file descriptors
Lennart Poettering [Fri, 12 Apr 2019 14:34:01 +0000 (16:34 +0200)]
CODING_STYLE: split out section about file descriptors

9 days agoCODING_STYLE: split out section about memory allocations
Lennart Poettering [Fri, 12 Apr 2019 14:31:58 +0000 (16:31 +0200)]
CODING_STYLE: split out section about memory allocations

9 days agoCODING_STYLE: move out section about Types
Lennart Poettering [Fri, 12 Apr 2019 14:26:46 +0000 (16:26 +0200)]
CODING_STYLE: move out section about Types

9 days agoCODING_STYLE: add section about how to reference specific concepts
Lennart Poettering [Fri, 12 Apr 2019 14:22:16 +0000 (16:22 +0200)]
CODING_STYLE: add section about how to reference specific concepts

9 days agoCODING_STYLE: split out bits about Formatting into its own section
Lennart Poettering [Fri, 12 Apr 2019 14:20:37 +0000 (16:20 +0200)]
CODING_STYLE: split out bits about Formatting into its own section

(And, for now, add a section "Other" to separate the rest of the stuff)

9 days agoCODING_STYLE: add a section about functions not to use
Lennart Poettering [Fri, 12 Apr 2019 14:16:39 +0000 (16:16 +0200)]
CODING_STYLE: add a section about functions not to use

Let's add sections to the document. First off, let's add one about
functions not to use.

9 days agojournald: modernize config_parse_compress() a bit 12293/head
Lennart Poettering [Fri, 5 Apr 2019 16:20:06 +0000 (18:20 +0200)]
journald: modernize config_parse_compress() a bit

9 days agojournald: rebreak a few comments
Lennart Poettering [Fri, 5 Apr 2019 13:31:18 +0000 (15:31 +0200)]
journald: rebreak a few comments

9 days agojournald: no need to check ptr for non-NULL before _unref(), as function does that...
Lennart Poettering [Fri, 5 Apr 2019 13:37:20 +0000 (15:37 +0200)]
journald: no need to check ptr for non-NULL before _unref(), as function does that anyway

9 days agojournald: use structure initialization
Lennart Poettering [Thu, 4 Apr 2019 15:30:51 +0000 (17:30 +0200)]
journald: use structure initialization

9 days agoMerge pull request #12222 from yuwata/macsec
Lennart Poettering [Fri, 12 Apr 2019 11:59:30 +0000 (13:59 +0200)]
Merge pull request #12222 from yuwata/macsec

network: introduce MACsec

9 days agoMerge pull request #12217 from keszybz/unlocked-operations
Lennart Poettering [Fri, 12 Apr 2019 11:51:53 +0000 (13:51 +0200)]
Merge pull request #12217 from keszybz/unlocked-operations

Refactor how we do unlocked file operations

9 days agojson: be more careful when iterating through a JSON object/array 12290/head
Lennart Poettering [Fri, 12 Apr 2019 10:59:05 +0000 (12:59 +0200)]
json: be more careful when iterating through a JSON object/array

Let's exit the loop early in case the variant is not actually an object
or array. This is safer since otherwise we might end up iterating
through these variants and access fields that aren't of the type we
expect them to be and then bad things happen.

Of course, this doesn't absolve uses of these macros to check the type
of the variant explicitly beforehand, but it makes it less bad if they
forget to do so.

9 days agojson: simplify JSON_VARIANT_OBJECT_FOREACH() macro a bit
Lennart Poettering [Thu, 4 Apr 2019 14:40:02 +0000 (16:40 +0200)]
json: simplify JSON_VARIANT_OBJECT_FOREACH() macro a bit

There's no point in returning the "key" within each loop iteration as
JsonVariant object. Let's simplify things and return it as string. That
simplifies usage (since the caller doesn't have to convert the object to
the string anymore) and is safe since we already validate that keys are
strings when an object JsonVariant is allocated.

9 days agoMerge pull request #12289 from poettering/news-pid-max
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 10:12:18 +0000 (12:12 +0200)]
Merge pull request #12289 from poettering/news-pid-max

NEWS: explain the kernel.pid_max sysctl change

9 days agoNEWS: document kernel.pid_max change 12289/head
Lennart Poettering [Fri, 12 Apr 2019 10:01:41 +0000 (12:01 +0200)]
NEWS: document kernel.pid_max change

9 days agoNEWS: fix typo
Lennart Poettering [Fri, 12 Apr 2019 10:01:23 +0000 (12:01 +0200)]
NEWS: fix typo

9 days agoAdd fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests 12217/head
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 10:24:38 +0000 (12:24 +0200)]
Add fmemopen_unlocked() and use unlocked ops in fuzzers and some other tests

This might make things marginially faster. I didn't benchmark though.

9 days agoAdd open_memstream_unlocked() wrapper
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:46:44 +0000 (11:46 +0200)]
Add open_memstream_unlocked() wrapper

9 days agocore/smack-setup: add helper function for openat+fdopen
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:27:21 +0000 (11:27 +0200)]
core/smack-setup: add helper function for openat+fdopen

Unlocked operations are used in all three places. I don't see why just one was

This also improves logging, since we don't just log the final component of the
path, but the full name.

9 days agoAdd fdopen_unlocked() wrapper
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:27:08 +0000 (11:27 +0200)]
Add fdopen_unlocked() wrapper

9 days agoMake fopen_temporary and fopen_temporary_label unlocked
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 09:02:11 +0000 (11:02 +0200)]
Make fopen_temporary and fopen_temporary_label unlocked

This is partially a refactoring, but also makes many more places use
unlocked operations implicitly, i.e. all users of fopen_temporary().
AFAICT, the uses are always for short-lived files which are not shared
externally, and are just used within the same context. Locking is not

9 days agoAdd fopen_unlocked() wrapper
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 08:17:16 +0000 (10:17 +0200)]
Add fopen_unlocked() wrapper

9 days agoMerge pull request #12221 from keszybz/test-cleanups
Lennart Poettering [Fri, 12 Apr 2019 09:02:54 +0000 (11:02 +0200)]
Merge pull request #12221 from keszybz/test-cleanups

Script indentation cleanups

9 days agoMerge pull request #12287 from keszybz/patches-for-coverity-warnings
Lennart Poettering [Fri, 12 Apr 2019 08:56:53 +0000 (10:56 +0200)]
Merge pull request #12287 from keszybz/patches-for-coverity-warnings

Patches for coverity warnings

9 days agoseccomp: check more error codes from seccomp_load()
Anita Zhang [Wed, 10 Apr 2019 23:08:41 +0000 (16:08 -0700)]
seccomp: check more error codes from seccomp_load()

We noticed in our tests that occasionally SystemCallFilter= would
fail to set and the service would run with no syscall filtering.
Most of the time the same tests would apply the filter and fail
the service as expected. While it's not totally clear why this happens,
we noticed seccomp_load() in the systemd code base would fail open for
all errors except EPERM and EACCES.

ENOMEM, EINVAL, and EFAULT seem like reasonable values to add to the
error set based on what I gather from libseccomp code and man pages:

-ENOMEM: out of memory, failed to allocate space for a libseccomp structure, or would exceed a defined constant
-EINVAL: kernel isn't configured to support the operations, args are invalid (to seccomp_load(), seccomp(), or prctl())
-EFAULT: addresses passed as args are invalid

9 days agocore: vodify one more call to mkdir 12287/head
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 07:03:52 +0000 (09:03 +0200)]
core: vodify one more call to mkdir

CID #1400460.

9 days agotest-exec-util: do not call setenv with NULL arg
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 07:00:37 +0000 (09:00 +0200)]
test-exec-util: do not call setenv with NULL arg

The comment explains that $PATH might not be set in certain circumstances and
takes steps to handle this case. If we do that, let's assume that $PATH indeed
might be unset and not call setenv("PATH", NULL, 1). It is not clear from the
man page if that is allowed.

CID #1400497.

9 days agotest-env-util: allow $PATH to be unset
Zbigniew Jędrzejewski-Szmek [Fri, 12 Apr 2019 06:55:39 +0000 (08:55 +0200)]
test-env-util: allow $PATH to be unset

Coverity was unhappy, because it doesn't know that $PATH is pretty much always
set. But let's not assume that in the test. CID #1400496.

$ (unset PATH; build/test-env-util)
[1]    31658 segmentation fault (core dumped)  ( unset PATH; build/test-env-util; )

9 days agoCODING_STYLE: adjust indentation rules, and add note about config loading 12221/head
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 12:14:45 +0000 (14:14 +0200)]
CODING_STYLE: adjust indentation rules, and add note about config loading

9 days agoshell-completion/zsh: add -*type*- headers
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 09:41:35 +0000 (11:41 +0200)]
shell-completion/zsh: add -*type*- headers

Since there's no file extension, emacs and other editors do not know that this is
supposed to be in shell syntax.

9 days agoshell-completion: use 4 space indentation too
Zbigniew Jędrzejewski-Szmek [Fri, 5 Apr 2019 09:39:14 +0000 (11:39 +0200)]
shell-completion: use 4 space indentation too

The same as in other places, indentation levels were all over the place.

9 days agoscripts: use 4 space indentation
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 12:10:42 +0000 (14:10 +0200)]
scripts: use 4 space indentation

We had all kinds of indentation: 2 sp, 3 sp, 4 sp, 8 sp, and mixed.
4 sp was the most common, in particular the majority of scripts under test/
used that. Let's standarize on 4 sp, because many commandlines are long and
there's a lot of nesting, and with 8sp indentation less stuff fits. 4 sp
also seems to be the default indentation, so this will make it less likely
that people will mess up if they don't load the editor config. (I think people
often use vi, and vi has no support to load project-wide configuration
automatically. We distribute a .vimrc file, but it is not loaded by default,
and even the instructions in it seem to discourage its use for security

Also remove the few vim config lines that were left. We should either have them
on all files, or none.

Also remove some strange stuff like '#!/bin/env bash', yikes.

9 days agotest: filter out messages when stripping binaries
Zbigniew Jędrzejewski-Szmek [Thu, 4 Apr 2019 13:06:34 +0000 (15:06 +0200)]
test: filter out messages when stripping binaries

We would get an error for every script, which is just noise.

10 days agotest-network: add tests for MACsec 12222/head
Yu Watanabe [Fri, 5 Apr 2019 06:58:50 +0000 (15:58 +0900)]
test-network: add tests for MACsec

10 days agonetwork: re-indent gperf files
Yu Watanabe [Wed, 10 Apr 2019 06:53:30 +0000 (15:53 +0900)]
network: re-indent gperf files

10 days agonetwork: warn when private key is stored in world readable files
Yu Watanabe [Wed, 10 Apr 2019 10:26:57 +0000 (19:26 +0900)]
network: warn when private key is stored in world readable files

10 days agonetwork: add MACsecTransmitAssociation.UseForEncoding= setting
Yu Watanabe [Fri, 5 Apr 2019 06:52:26 +0000 (15:52 +0900)]
network: add MACsecTransmitAssociation.UseForEncoding= setting

10 days agonetwork: add MACsec*Association.Activate= setting
Yu Watanabe [Fri, 5 Apr 2019 06:33:52 +0000 (15:33 +0900)]
network: add MACsec*Association.Activate= setting

10 days agonetwork: add MACsec*Association.KeyFile= setting
Yu Watanabe [Wed, 10 Apr 2019 09:07:10 +0000 (18:07 +0900)]
network: add MACsec*Association.KeyFile= setting

10 days agonetwork: explicitly clear security key for macsec
Yu Watanabe [Wed, 10 Apr 2019 08:53:30 +0000 (17:53 +0900)]
network: explicitly clear security key for macsec

10 days agonetwork: support multiple security associations for macsec channels
Yu Watanabe [Wed, 10 Apr 2019 08:29:10 +0000 (17:29 +0900)]
network: support multiple security associations for macsec channels

10 days agonetwork: Introduce MACsec
Susant Sahani [Wed, 3 Apr 2019 11:27:36 +0000 (16:57 +0530)]
network: Introduce MACsec

Media Access Control Security (MACsec) is an 802.1AE IEEE
industry-standard security technology that provides secure
communication for all traffic on Ethernet links.
MACsec provides point-to-point security on Ethernet links between
directly connected nodes and is capable of identifying and preventing
most security threats, including denial of service, intrusion,
man-in-the-middle, masquerading, passive wiretapping, and playback attacks.

Closes #5754

10 days agolinux: import if_macsec.h from kernel-5.0
Yu Watanabe [Fri, 5 Apr 2019 09:10:02 +0000 (18:10 +0900)]
linux: import if_macsec.h from kernel-5.0

MACsec is introduced since kernel-4.6. Let's support order kernels.

10 days agofileio: add READ_FULL_FILE_UNHEX flag
Yu Watanabe [Wed, 10 Apr 2019 09:03:42 +0000 (18:03 +0900)]
fileio: add READ_FULL_FILE_UNHEX flag

Similar to READ_FULL_FILE_UNBASE64, read data is decoded with

10 days agoutil: extend unhexmem() to accept secure flag
Yu Watanabe [Wed, 10 Apr 2019 08:50:27 +0000 (17:50 +0900)]
util: extend unhexmem() to accept secure flag

When the flag is set, buffer is cleared on failure.
This is a continuation of 2432d09c7a7115004b16eb11bf81ffeeb32d15ad.

10 days agoMerge pull request #12267 from keszybz/udev-settle-warning
Lennart Poettering [Thu, 11 Apr 2019 17:01:03 +0000 (19:01 +0200)]
Merge pull request #12267 from keszybz/udev-settle-warning

Udev settle warning

10 days agotree-wide: drop several missing_*.h and import relevant headers from kernel-5.0
Yu Watanabe [Wed, 10 Apr 2019 10:55:53 +0000 (19:55 +0900)]
tree-wide: drop several missing_*.h and import relevant headers from kernel-5.0

10 days agoMerge pull request #12153 from benjarobin/killall-show-not-killed
Lennart Poettering [Thu, 11 Apr 2019 16:58:43 +0000 (18:58 +0200)]
Merge pull request #12153 from benjarobin/killall-show-not-killed

shutdown/killall: Show in the console the processes not yet killed

10 days agoMerge pull request #12226 from poettering/22bit-pids
Lennart Poettering [Thu, 11 Apr 2019 16:58:08 +0000 (18:58 +0200)]
Merge pull request #12226 from poettering/22bit-pids

sysctl: let's by default increase the numeric PID range from 2^16 to …

10 days agoMerge pull request #12037 from poettering/oom-state
Lennart Poettering [Thu, 11 Apr 2019 16:57:47 +0000 (18:57 +0200)]
Merge pull request #12037 from poettering/oom-state

add cgroupv2 oom killer event handling to service management

10 days agoMerge pull request #12219 from keszybz/bootctl-check-entries
Lennart Poettering [Thu, 11 Apr 2019 16:57:18 +0000 (18:57 +0200)]
Merge pull request #12219 from keszybz/bootctl-check-entries

bootctl: check entries when showing them

10 days agoNEWS: update contributors and date v242
Zbigniew Jędrzejewski-Szmek [Thu, 11 Apr 2019 16:28:36 +0000 (18:28 +0200)]
NEWS: update contributors and date

10 days agohwdb: mark Apple Magic Trackpads as external
Sebastian Krzyszkowiak [Thu, 11 Apr 2019 14:31:09 +0000 (16:31 +0200)]
hwdb: mark Apple Magic Trackpads as external

Applies only to USB - when connected via Bluetooth it already gets marked correctly.

10 days agofstab-generator: use DefaultDependencies=no for /sysroot mounts
Jonathan Lebon [Wed, 10 Apr 2019 21:28:15 +0000 (17:28 -0400)]
fstab-generator: use DefaultDependencies=no for /sysroot mounts

Otherwise we can end up with an ordering cycle. Since d54bab90, all
local mounts now gain a default `` dependency.
This doesn't make sense for `/sysroot` mounts in the initrd though,
since those happen later in the boot process.

Closes: #12231