timesyncd: make sure to update mtime of clock file on each boot
Let's make sure the timestamp file's mtime is guaranteed to change for
each boot, so that it is a useful indicator of time. Or in other words
this gurantees that systemd-timesyncd.service acts as a new kind of
milestone: that time definitely progressed on this boot even the machine
died abnormally imediately after.
timesyncd: write structured log messages whenever we bump the clock based on disk timestamp
It's useful being able to easily detect if a disk-based clock bump was
done, let's make it a structure message, the same way as acquiring an
NTP fix already is.
Also, set the clock to 1 µs further than the timestamp from the disk,
after all we know that that timestamp was current when it was written,
hence it can't be the right one right now anymore.
Jan Janssen [Fri, 20 Jan 2023 13:11:54 +0000 (14:11 +0100)]
boot: Properly strip EFI binaries
Removing debugging related sections is apparently not enough to truely
strip a (PE) binary.
Better late than never. It gets rid of this pesky warning from sbsign:
warning: data remaining[174080 vs 193173]: gaps between PE/COFF sections?
These combine strndup() + strspn()/strcspn() into one.
There are a bunch of strndupa() calls that could use similar treatment
(or should be converted to strdup[c]spn(), but this commit doesn't
bother with that.
Waltibaba [Fri, 20 Jan 2023 07:38:13 +0000 (08:38 +0100)]
hwdb: Add Chuwi Hi10X (N4120 version) iio matrix
There is a later model version of the Chuwi Hi10X that has significantly changed components compared to the existing hwdb one. Differentiator (on Chuwi forums, in thesofproject, etc.) is the N4120 rather than the N4100 processor.
The svn and pn seem to be identical, my Chuwi Hi10X matches with the old model except for the changed KIOX000A* iio sensor.
With the added ACCEL_MOUNT_MATRIX, my device works on gnome and has the correct (right-up) output in monitor-sensors.
Luca Boccassi [Thu, 19 Jan 2023 23:20:55 +0000 (23:20 +0000)]
sd-login: add sd_pidfd_* APIs
Same as the sd_pid_* counterparts, but take a pid file descriptor instead of
a pid, so that the callers can be sure that the returned values are really
about the process they asked for, and not about a recycled PID.
Michal Koutný [Wed, 18 Jan 2023 22:20:31 +0000 (23:20 +0100)]
core: mount namespaces: Remove auxiliary bind mounts directory after unit termination
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).
Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.
Ludwig Nussel [Thu, 8 Dec 2022 15:27:31 +0000 (16:27 +0100)]
bootctl: unlink and cleanup functions
The unlink command removes an entry from the ESP including
referenced files that are not referenced in other entries. That is
useful eg to have multiple entries that use the same kernel with
different options.
The cleanup command removes all files that are not referenced by any
entry.
Yu Watanabe [Thu, 19 Jan 2023 09:21:34 +0000 (18:21 +0900)]
network: assume prefix length is full address size
The commit 0f707207b9fc04d45ad176930cfefc77c0068545 enables strong
warning about missing prefix length in Address= setting.
The change was done in v241, and was about 4 years ago.
Let's drop the legacy assumption and make the parser consistent with
'ip address' command.
William Roberts [Wed, 18 Jan 2023 14:45:53 +0000 (08:45 -0600)]
tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future
this. This adds entropy to user supplied pins and helps brute forcing
the passphrase on the key residing in the TPM or brute forcing bind key
encrypted sessions with low entropy passphrases.
Signed-off-by: malikabhi05 <abhishek.malik@intel.com> Signed-off-by: William Roberts <william.c.roberts@intel.com>
Jan Janssen [Tue, 23 Aug 2022 08:51:36 +0000 (10:51 +0200)]
boot: Drop use of Print
The custom print helpers have been replaced with explicit checks at the
call site to keep this in line with the way it is done in userspace. Any
calls where the check has been ommited should not need them as the value
is expected to alawys be around.
Jan Janssen [Thu, 18 Aug 2022 11:43:19 +0000 (13:43 +0200)]
tree-wide: Use __func__ in asserts
clang puts the whole function signature in __PRETTY_FUNCTION__, which is
a bit excessive for something that can already be figured out by using
the line number.
Luca Boccassi [Mon, 16 Jan 2023 23:46:01 +0000 (23:46 +0000)]
core: add GetUnitByPIDFD method and use it in systemctl
A pid can be recycled, but a pidfd is pinned. Add a new method that is safer
as it takes a pidfd as input.
Return not only the D-Bus object path, but also the unit id and the last
recorded invocation id, as they are both useful (especially the id, as
converting from a path object to a unit id from a script requires another
round-trip via D-Bus).
Note that the manager still tracks processes by pid, so theorethically this
is not fully error-proof, but on the other hand the method response is
synchronous and the manager is single-threaded, so once a call is being
processed the unit database will not change anyway. Once the manager
switches to use pidfds everywhere, this can be further hardened.
dissect-image: add probe_sector_size() helper for detecting sector size of a GPT disk image
When we operate with DDIs with sector sizes != 512 we need to configure
the loopback device to match it, otherwise the image and the kernel
block device will disagree what things are.
Let's add a prober that tries to determine the sector size of a GPT DDI.
It does this by looking for the GPT partition table header at the
various byte offsets they must be located on, given a specific sector
size. It will try sector size 512, 1024, 2048 and 4096. Of these only
the 512 and 4096 really make sense IRL I guess, but let's be thorough.
Dmitry V. Levin [Tue, 17 Jan 2023 08:00:00 +0000 (08:00 +0000)]
coredump: use fstatvfs to check the available space
Given that we already have the file descriptor opened for writing, it
would make sense to call fstatvfs with that file descriptor rather than
statvfs with the directory path that was used to open that descriptor.
Daan De Meyer [Thu, 12 Jan 2023 21:42:30 +0000 (22:42 +0100)]
repart: Allow configuring sector size
Let's allow users to configure the (logical) sector size of their
image. This is required when building images for a 4k sector size
disk on a 512b sector size host or vice-versa.
Jan Janssen [Tue, 17 Jan 2023 14:51:42 +0000 (15:51 +0100)]
boot: Fix missed argument to Print()
This fixes 3e87a057a796b57bf9540b948823fbefef6693d7, which passed the
path to the wrong Print() call. Miraculously, this was printing the
correct path during testing and was therefore missed.
Frantisek Sumsal [Tue, 17 Jan 2023 11:14:13 +0000 (12:14 +0100)]
units: don't install pcrphase-related units without gnu-efi
since we don't have systemd-pcrphase built anyway, which breaks the tests:
...
I: Attempting to install /usr/lib/systemd/systemd-networkd-wait-online (based on unit file reference)
I: Attempting to install /usr/lib/systemd/systemd-network-generator (based on unit file reference)
I: Attempting to install /usr/lib/systemd/systemd-oomd (based on unit file reference)
I: Attempting to install /usr/lib/systemd/systemd-pcrphase (based on unit file reference)
W: Failed to install '/usr/lib/systemd/systemd-pcrphase'
make: *** [Makefile:4: setup] Error 1
make: Leaving directory '/root/systemd/test/TEST-01-BASIC'
tpm2: add common helper for checking if we are running on UKI with TPM measurements
Let's introduce a common implementation of a function that checks
whether we are booted on a kernel with systemd-stub that has TPM PCR
measurements enabled. Do our own userspace measurements only if we
detect that.
PCRs are scarce and most likely there are projects which already make
use of them in other ways. Hence, instead of blindly stepping into their
territory let's conditionalize things so that people have to explicitly
buy into our PCR assignments before we start measuring things into them.
Specifically bind everything to an UKI that reported measurements.
This was previously already implemented in systemd-pcrphase, but with
this change we expand this to all tools that process PCR measurement
settings.
The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE,
to make it more generic (since we'll use it at multiple places now).
This is not a compat break, since the original env var for that was not
included in any stable release yet.
units: rework growfs units to be just a regular unit that is instantiated
The systemd-growfs@.service units are currently written in full for each
file system to grow. Which is kinda pointless given that (besides an
optional ordering dep) they contain always the same definition. Let's
fix that and add a static template for this logic, that the generator
simply instantiates (and adds an ordering dep for).
This mimics how systemd-fsck@.service is handled. Similar to the wait
that for root fs there's a special instance systemd-fsck-root.service
we also add a special instance systemd-growfs-root.service for the root
fs, since it has slightly different deps.
units: measure /etc/machine-id into PCR 15 during early boot
We want PCR 15 to be useful for binding per-system policy to. Let's
measure the machine ID into it, to ensure that every OS we can
distinguish will get a different PCR (even if the root disk encryption
key is already measured into it).
projects / thirdparty / systemd.git / log
