Jan Janssen [Mon, 12 Jun 2023 13:12:05 +0000 (15:12 +0200)]
boot: Unify protocol opening
We are using HandleProtocol everywhere except in these few cases. This
unifies on HandleProtocol as it is simpler to use and equivalent to
OpenProtocol.
The only difference between the two is that OpenProtocol attributes the
opened protocol to a firmware-owned handle instead of our image handle.
This has no real use for regular UEFI applications as any protocols
opened via BY_HANDLE or GET_PROTOCOL is not required to be closed. In
fact, when a protocol is uninstalled it will do nothing more than reduce
the open count for these.
The current start + stop timeouts for xdg autostart files are *very*
short with 5s. On a busy system this might be too easy to hit even in
unintended case.
Apparently, the intention here was to cut the shutdown logic short.
(https://github.com/systemd/systemd/issues/27919#issuecomment-1580576178)
Let's hence stick to the very short timeout for that (under the
assumption that apps are written in a safe enough style to not lose data
if killed too early). But for starting XGD autostrat services, use our
regular timeouts.
Alfred Klomp [Thu, 8 Jun 2023 11:26:24 +0000 (13:26 +0200)]
integritysetup: support mode=(journal|bitmap|direct)
Add a parameter to the integritytab file to set the mode in which to
open the integrity volume. The mode can be journaled (the default),
bitmap without a journal, or direct mode without a journal or a bitmap.
This change removes the `no-journal' option because it is redundant,
being replaced with `mode=direct'.
Supercedes commit bcc1ee56c, from a week ago, which implemented
`no-journal'.
Daan De Meyer [Fri, 13 Jan 2023 15:22:46 +0000 (16:22 +0100)]
creds: Add ImportCredential=
ImportCredential= takes a credential name and searches for a matching
credential in all the credential stores we know about it. It supports
globs which are expanded so that all matching credentials are loaded.
Dan Streetman [Fri, 17 Feb 2023 17:59:18 +0000 (12:59 -0500)]
tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template()
Add functions to get either the 'legacy' or standard SRK template, for RSA or
ECC. The 'legacy' templates are those used with earlier code, where a transient
key was created to use for tpm sealing; the standard SRK is the persistent
shared key as defined in TCG guidance docs.
This also replaces tpm2_get_primary_template() with the new functions; that
function's use of flags is confusing and unnecessary.
Add tpm2_get_capability_handle() to query if a "TPM handle" (meaning, a
location/address in TPM storage) is populated in the TPM, and
tpm2_get_capability_handles() to query for a specific number of handles.
Add tpm2_esys_handle_from_tpm_handle() to create an "esys handle" (an opaque
reference for use with the TPM EAPI that represents a TPM handle address) for an
existing TPM handle.
Since the TPM handle already exists in the TPM, this also also requires
updating the cleanup code for Tpm2Handle objects to close the object (free its
resources only from the EAPI code, but leave the handle in the TPM) instead of
flush the object (which frees its EAPI resources and removes it from the TPM).
core: do not GC units/jobs that are in the D-Bus queue
Let's make sure that D-Bus messages are always sent out when pending,
before we might GC a unit/job.
This is kinda a follow-up for 8db998981a4fefd0122bcf5f965726b63c9045c2,
and a similar logic really applies: GC should only be done if we
processed everything else, generated evertyhing else and really don't
need it anymore.
This is a follow-up for 8db998981a4fefd0122bcf5f965726b63c9045c2, and
follows a similar logic: a pending OOM event really trumps everything:
we should not GC a unit while it is pending.
Dan Streetman [Wed, 17 May 2023 21:16:23 +0000 (17:16 -0400)]
tpm2: replace _cleanup_tpm2_* macros with _cleanup_()
Remove _cleanup_tpm2_context_ and _cleanup_tpm2_handle_ macros, replacing their
use with _cleanup_(tpm2_context_unrefp) and _cleanup_(tpm2_handle_freep),
respectively.
This removes documentation of SD_RESOLVED_REQUIRE_PRIMARY and
SD_RESOLVED_CLAMP_TTL, which are internal flags, and not usable from
outside of resolved. They are refused by D-Bus APIs, for a reason.
Various other fixes/clean-ups of the relevant docs (including reordering
of the flags docs by "grouping" rather than bit values).
Cyril Roelandt [Wed, 7 Jun 2023 12:33:19 +0000 (14:33 +0200)]
Fix zsh completion for "localectl set-locale"
When running:
$ localectl set-locale LC_MESSAGES=<TAB>
One is prompted with a list of locale fields instead of the list of
valid locales. This is because by calling "compset -P1 '*='", we modify
the $PREFIX special parameter before testing whether it contains an
equal sign. Therefore
if [[ -prefix 1 *\= ]]
is always false, and we always suggest a list of locale fields to the
user.
Balló György [Wed, 7 Jun 2023 11:33:18 +0000 (13:33 +0200)]
kbd-model-map: change the order of Hungarian keymaps
This changes the console layout from 'hu101' to 'hu' when the user calls 'localectl set-x11-keymap hu', because 'hu' is the expected layout instead of 'hu101' for most users.
Michal Sekletar [Wed, 31 May 2023 16:50:12 +0000 (18:50 +0200)]
pam: add call to pam_umask
Setting umask for user sessions via UMASK setting in /etc/login.defs is
a well-known feature. Let's make sure that user manager also runs with
this umask value.
The old syntax with linux + initrds as positional arguments is still accepted,
but a warning is emitted. We should remove the support for this after the
next release or so.
Adding a single verb by itself is not very useful, but opens the door to adding
other verbs.
Without this, the tests would generally be skipped, since we haven't made a
release with the addon stub yet. But even if the file is there, we always want
to test the freshly-built item.
Daan De Meyer [Mon, 5 Jun 2023 11:15:04 +0000 (13:15 +0200)]
repart: Do online encryption when loop devices are available
Online encryption is much faster then offline encryption when using
cryptsetup. To take advantage of this, when loop devices are available,
let's use online encryption instead off offline encryption to encrypt
partitions.
The online encryption logic is the same logic as was removed in 48a09a8fff480aab9a68e95e95cc37f6b1438751, except that it's now
integrated with PartitionTarget to ensure that logic outside of
partition_target_encrypt() has to minimally change regardless of
whether we're doing online or offline encryption.
Daan De Meyer [Thu, 1 Jun 2023 11:56:05 +0000 (13:56 +0200)]
fs-util: Allow passing NULL path to xopenat()
We recently codified in the coding style that for openat() style APIs,
an empty path can be passed both as the empty string and as NULL, so
let's make sure we follow that style in xopenat().
generators: change TimeoutSec=0 to TimeoutSec=infinity
With these settings we intend to turn off timeouts for possibly
interactive/slow commands. The officially documented way to turn off the
time-outs is to setting them to infinity. So far we set them to zero
here though.
This lead to some confusiong, for example #18224. Let's fix this by
uniformly spelling out TimeoutSec=infinity.
This doesn't change behaviour. It just makes our generated files match
what we document, without relying on historic compat support.
Dan Streetman [Fri, 17 Feb 2023 17:59:18 +0000 (12:59 -0500)]
tpm2: verify symmetric parms in tpm2_context_new()
This adds tpm2_get_capability_algs(), tpm2_supports_alg(), and
tpm2_test_parms(). These functions allow verifying that the TPM supports
specific algs and parameters.
When creating a new context, this checks if the TPM supports the symmetric algs
we use. If the TPM does not support the symmetric algs and parameters we
require, we log and return error.
This adds a function to query specific capabilities from the TPM. That is then
used in a function to query the allocation of PCRs in the TPM, i.e. which PCR
banks and indexes are available, and caches the PCR allocation when the TPM
context is created.
Turns out we can, apart from just building the module, "shove" it into
the SELinux database in a chroot as well. This brings quite significant
time savings, as the SELinux db rebuild takes 2 - 5 minutes in a VM
without acceleration (and takes currently ~half of the runtime of the test
in the C8S job).
cgls/cgtop: spell field/column "CGroup" rather than "Control Group"
In the documentation we usually spell the concept "control group".
Internally in code we usually call it "cgroup" or "CGroup". In systemctl output we
called the field "CGroup" so far, i.e. a capitalized version of the
internal name. This is of course very unsystematic. Let's clean this up
a bit: let's now say:
* in docs, continue to spell it out "control groups"
* in brief output call it "CGroup"
* internally call it "cgroup" or "CGroup"
projects / thirdparty / systemd.git / log
