creds-util: permit credentials encrypted/signed by fixed zero length keys as fallback for systems lacking TPM2
This is supposed to be useful when generating credentials for immutable
initrd environments, where it is is relevant to support credentials even
on systems lacking a TPM2 chip.
With this, if `systemd-creds encrypt --with-key=auto-initrd` is used a
credential will be encrypted/signed with the TPM2 if it is available and
recognized by the firmware. Otherwise it will be encrypted/signed with
the fixed empty key, thus providing no confidentiality or authenticity.
The idea is that distributions use this mode to generically create
credentials that are as locked down as possible on the specific
platform.
creds-util: add an explicit 128bit ID for identifying "automatic" key determination
Previously, when encrypting creds you could pick which key to use for
this via a 128bit ID identifying the key type, and use an all zero ID
for rquesting automatic mode.
Let's change this to use an explicitly picked 128bit ID for automatic
mode, i.e. something other than all zeros. This is in preparation for
adding one further automatic mode with slightly different semantics.
no change in behaviour.
Note that the new 128bit id is never written to disk but only used
internally to indicate a specific case.
journal-def.h should be self-contained too, as it represents the journal object ABI.
Duplicate the enums, as they also need to be in config.h for it to be self-contained,
and enums are not available to the preprocessor. Use an assert to ensure they don't
diverge.
clone3() passes arguments in a structure referenced by a pointer, so we can't
filter on the flags as with clone(). Let's disallow the whole function call.
path-util: make readlink_value() refuse O_DIRECTORY returned from path_extract_filename()
The function is now only used by sd-device.c and pam_systemd.c, and they
expects the result are not directory. Hence, it is safe to change the
behavior.
nspawn: fix locating config files with --ephemeral
When --ephemeral is used, a random 16 characters suffix is added to the image
name, so matching on .nspawn files based on the image name no longer works.
compression: add build-time option to select default
Compression and decompression are controlled by the same build flag,
so if one wants to use, say, LZ4 to compress, ZSTD has to be disabled,
which means one loses the ability to read zstd-compressed journals.
Add a default-compression meson option, that allows to select any of
the available compression algorithms as the default.
systemctl: colorize "enabled" in 'systemctl status ...'
"enabled" state is highlighted in green and "disabled" state is
highlighted in yellow because I felt that white and grey colors were not
so distinguishable. Other states are not highlighted. Any other coloring
suggestions are welcome!
After a couple of manual tests LGTM finally appears to have the fix for
https://github.com/github/codeql/issues/8409, so let's reenable the
check for the last time.
Jan Janssen [Wed, 16 Feb 2022 11:28:20 +0000 (12:28 +0100)]
boot: Fix integer format specifiers
gnu-efi only knows two sizes for formatting integers: 32bit without
a length prefix and 64bit with 'l' prefix. Provide a PRI-style format
specifier for (U)INTN so that Print() can read the right amount of
bytes instead of printing garbage or worse.
sd-device: skip diskseq verification when ID_IGNORE_DISKSEQ property is set
Some drivers do not announce the diskseq change.
E.g. for md devices, the kernel increments the diskseq *after*
emitting a 'change' uevent when backing block devices are added to
a md device, and udevd does not receive no uevent which contains
the new diskseq.
basic: split out dev_t related calls into new devno-util.[ch]
No actual code changes, just splitting out of some dev_t handling
related calls from stat-util.[ch], they are quite a number already, and
deserve their own module now I think.
Also, try to settle on the name "devnum" as the name for the concept,
instead of "devno" or "dev" or "devid". "devnum" is the name exported in
udev APIs, hence probably best to stick to that. (this just renames a
few symbols to "devum", local variables are left untouched, to make the
patch not too invasive)
Currently if enumerating with debug logging you'll likely see something
like this:
sd-device: the syspath "/sys/class/devcoredump/disabled" is not a directory.
sd-device: the syspath "/sys/class/firmware/timeout" is not a directory.
sd-device: the syspath "/sys/class/zram-control/hot_remove" is not a directory.
sd-device: the syspath "/sys/class/zram-control/hot_add" is not a directory.
sd-device: the syspath "/sys/class/drm/version" is not a directory.
This is because these sysfs classes place regular files in these
directories, which we so far didn't expect.
Let's filter them early, and only bother with enumerated inodes if they
actually are dirs or symlinks, i.e. can be kobject dirs. Regular file
definitely never are kobject dirs...
sd-device: generate e better error code when trying to allocate sd_device for non-dir
Currently, for sysfs paths outside of /sys/devices/ we do better
checking if something is a suitable path: we check if it's actually a
directory, and if not return ENODEV.
Let's make the codepath for nodes *inside* of /sys/device/ similar:
let's also return ENODEV if the path supplied is not a directory.
Previously, we'd return ENOTDIR in that case, which is quite confusing I
think.
There are some file systems mounted below /sys/ that are not actually
sysfs, i.e. are not arranged in a sysfs/kobject style. Let's refuse
those early. (Example, /sys/fs/cgroup/ and similar.)
(Also, let's add an env var for this, so that it can be turned off for
test cases.)
chase_symlinks() can return its last O_PATH fd to us. Let's use that and
make the access() check a bit tighter by going via faccessat() on the
O_PATH fd.
This doesn't really change too much, but is nice in context of the next
commit, which uses the O_PATH fd in one other way.
projects / thirdparty / systemd.git / log
