Max Staudt [Thu, 22 Feb 2024 08:47:36 +0000 (17:47 +0900)]
udev: Add /dev/media/by-path symlinks for media controllers
Add persistent symlinks for media controller ("mediaX") devices, based
on their ID_PATH udev properties.
For example, if the uvcvideo driver creates /dev/media0, a persistent
name may be:
/dev/media/by-path/pci-0000:04:00.3-usb-0:1:1.0-media-controller
Persistent links are a handy tool to make scripts self-documenting
during development or in tests, as well as less error prone in case of
devices changing enumeration order. For media controllers, one can
alternatively scan through all of them and look for a matching bus_info
in their struct media_device_info, but the links are much handier when
drafting something by hand.
A similar pattern already exists for Video4Linux /dev/videoX devices,
see 60-persistent-v4l.rules for those.
Yu Watanabe [Tue, 20 Feb 2024 21:20:45 +0000 (06:20 +0900)]
network: introduce per-interface IP forwarding settings
This deprecates IPForward= setting, which unconditionally controled
the global setting, even though it is a setting in .network file.
Instead, this introduces new IPv4Forwarding= and IPv6Forwarding=
settings both in .network and networkd.conf.
If these settings are specified in a .network file, then the
per-interface forwarding setting will be configured.
If specified in networkd.conf, then the global IP forwarding setting will
be configured.
While the subsequent change made this change no longer trigger warnings if fq_codel wasn't present, it is still recommended to have this enabled. Add the necessary kernel configuration to the documentation.
test-ukify: skip signing in tests when slow tests are disabled
I have a large initrd (built with mkosi-initrd) and the test-ukify takes 30 s.
Let's use the usual approach of skipping the slowests tests.
(pytest has marks, and it would be nicer to mark tests with pytest.mark.slow,
and then use "-m 'not slow'" in the meson test invocation. But markers must be
pre-registered, otherwise pytest emits a warning. There are a few ways to
register markers, but they all require "project configuration", but because of
how we invoke pytest, this is hard to do. So let's just use an environment
variable.)
Susant Sahani [Tue, 20 Feb 2024 13:12:20 +0000 (18:42 +0530)]
netdev/macvlan: allow to set the broadcast queueing threshold
Allow to set the broadcast queueing threshold
on macvlan devices. This controls which multicast packets will be
processed in a workqueue instead of inline.
medusalix [Wed, 21 Feb 2024 20:02:37 +0000 (21:02 +0100)]
hwdb: Add headset form-factor override for Xbox Wireless Dongle
The Xbox Wireless Headset does not get assigned a sound form factor
when connected via the dongle using the `xone` driver.
Add USB IDs for the old & new dongle and built-in variants.
tree-wide: be more careful when passing literal integers to "t" bus message fields
Since we use varargs for sd_message_append() we need to make sure the
parameters we pass are actually 64bit wide, if "t" is used. Hence cast
appropriately if necessary.
I went through the whole tree, and in most cases we got it right, but
there are some cases we missed so far.
vmspawn: rename "qemu" specific switches to not carry the "qemu" prefix
This renames a few of the switches vmspawn takes, such as --qemu-mem=
and --qemu-smp= to names without the "qemu" moniker and uses less
cryptic names (i.e. --ram= and --cpus=).
I think it's a bit unsystematic that so far we use the "qemu" prefix for
some options but not for others. At least I could not figure out a
system when we use it and when we don't. Hence let's clean it up and
just use simpler names without suffix.
After all we might want to plug other hypervisors behind vmspawn one
day, hence I think there's value in sticking to generic names for these
switches that allow us to switch out backends easily. In particular for
--ram= and --cpus= which are probably the most fundamental of VM settings
there are.
The old switches are support for compat, but not advertised in man page
or --help text anymore.
I left "--qemu-gui" under its current name, since it fundamentally is a
a qemu concept, exposing a qemu specific graphical UI.
The 1-based VT indexes are what people usually expect, since the primary
name of VTs uses them (i.e. /dev/tty1, /dev/tty2, …). Hence, let's
always use 1-based VT indexes, and early on convert 0-based VT indexes
to minimize confusion.
bsod: add new option --tty= to specify TTY to output on
If specified we'll not try to find a free V, but instead just output
directly to the specified TTY. This is particularly useful for
debugging, as it means "systemd-bsod --tty=/dev/tty" just works.
pcrlock: handle measurement logs where hash algs in header are announced in different order than in records
Apparently on HyperV the measurement logs announce the hash algs in a
different order in the header than the records have them. Let's handle
this gracefully
Adrian Vovk [Tue, 20 Feb 2024 19:54:21 +0000 (14:54 -0500)]
fd-util: Add helpers to check if FD flags are safe
Adds a SAFE_FD_FLAGS define to list out all the safe FD flags, and also
an UNSAFE_FD_FLAGS() macro to strip out the safe flags and leave only
the unsafe flags. This can be used to quickly check if any unsafe flags
are set and print them for diagnostic purposes
analyze: always recommend saving the output to a file
The command will refuse to write to a TTY, so give a strong hint
that redirecting to a file is recommended. This makes the synopsis,
man page text, and --help output consistent.
Also drop the space after the redirection operator everywhere.
cryptsetup: drop "headless" bool, make it a flag in AskPasswordFlags instead
This bool controls whether we should interactively ask for a password,
which is pretty much what the ask_password-api.c APIs are about. Hence,
just make the bool a flag in AskPasswordFlags enum, and use it
everywhere.
This still catches the flag early in upper levels of the codebase,
exactly as before, but if the flag is still present in the lower layers
it's also handled there and results in ENOEXEC if seen.
This is mostly an excercise in simplifying our ridiculously long
function call parameter lists a bit.
cryptenroll,cryptsetup: clean up unlock credential for TPM2 + FIDO2
Let's make sure that when cryptenroll asks for the TPM2 or FIDO2 token
PIN it uses cryptenroll.* credential namespace, and cryptsetup uses
cryptsetup.*.
pkcs11-util: clean up credential handling for PKCS11 PIN
similar as the previous commit, let's clean up the credential name we
use. Use home.token-pin in case of homectl, and cryptenroll.pkcs11-pin
in case of cryptenroll.
cryptenroll: use a different credential for new new PIN
The TPM2 enrollment is the only of the three token enrollments where the
user picks a PIN at enrollment time (the others have a PIN set for the
token, not for the enrollment). Let's make sure it uses a different
credential for retrieving this PIN, in order to make sure people can
programmatically change PINs via credentials (in which case they need to
supply both).
Querying a fido2 PIN via askpw for enrolling is currently used in two
places: cryptenroll and homectl. So far we sloppily used the same fixed
credential name "fido2-pin" in both cases. Let's tweak that and make the
credential name match the other credentials cryptenroll or home query,
i.e. using the cryptenroll.* and home.* namespaces.
This is particular done in light of #31370, which wants to make the
credential name public. We really should get the name in order before
making it public.
The "id" is used in the askpw protocol to recognize password prompts, in
case a service is replying to them and needs some id. Previously we set
an incorrect id, the one of cryptsetup. Fix that.
(I guess the id is not used much, it comes from a time where we had no
credentials, and thus some people wanted to supply passphrases
programmatically rather interactively. The usecase is probably gone, but
we should still set some valid id I guess.)
Frantisek Sumsal [Mon, 19 Feb 2024 19:41:49 +0000 (20:41 +0100)]
test: verify our own units (where applicable)
This is inspired by one of our internal tests that does pretty much the
same thing. However, it is slightly more convoluted than I'd like it to
be, since I really don't want to duplicate the list of our units in
another place, so we need to, somehow, pass the list from the meson file
to the test script. I originally envisioned this to be a part of the
unit test suite, but this doesn't work for unit files with absolute
paths to binaries, as we'd have to install the build first (maybe using
a chroot would work?).
It doesn't check man pages (since they might not be installed on the
test machine) and also skip recursive dependencies (as that would trip
over issues in files that are not under our direct control), but it
should still cover typos and such.
There are currently two units for which the check had to be disabled -
syslog.socket, as the corresponding syslog.service might not be
installed, and rc-local.service as that's a compat API and the necessary
/etc/rc.d/rc.local file may not (and most likely won't be) present.
timesyncd: reorder structs instead of useless bitfields
Because of alignment, those bitfields were not doing anything useful,
and were causing the generated code to be more complicated. But in this
case, at least potentially there might be a number of copies of those
structs (if we have a bunch of time servers configured), so let's actually
implement the intended space savings by reording the fields to reduce the
size of holes.
core/kmod-setup: drop another pointless bitfield annotation
We have two bools followed by a func pointer, which is aligned to e.g. 8 bytes,
so whether the two bools take one bit, one byte, or even a full word, makes no
difference in storage size. But the code generated to service a bitfield is
more complicated.
projects / thirdparty / systemd.git / log
