Luca Boccassi [Fri, 4 Aug 2023 12:34:00 +0000 (13:34 +0100)]
portablectl: fix regression when using --force without extension parameters
c18f4eb9e96836a made it possible to use --force with various verbs, by
going through the newer D-Bus methods. Except it didn't, as it regressed
during PR review refactorings, and nobody noticed because there were no
tests for it. Fix it, and add tests.
Daan De Meyer [Fri, 4 Aug 2023 08:40:30 +0000 (10:40 +0200)]
mkosi: Make sure our systemd build always overrides the distros
Currently, we install the systemd install tree in the base image and
then build the initrd and final images from the base image. This means
if that any systemd package is pulled in during the initrd or final
image builds, it will override our version.
To fix this, we stop installing our build of systemd in the base image,
and store it in the output directory instead. That allows us to refer to
it using ExtraTrees= in the final and initrd image builds to install it
after all the distro packages have been installed, ensuring our version
always takes priority.
Dan Streetman [Thu, 3 Aug 2023 18:44:57 +0000 (14:44 -0400)]
tpm2: use CreatePrimary() to create primary keys instead of Create()
Older versions used CreatePrimary() to create a transient primary key to use
when creating a sealed data object. That was changed in v254 to use Create()
instead, which should result in the same transient key, but it seems some
hardware TPMs refuse to allow using Create() to generate primary keys.
This reverts to using CreatePrimary() to create primary key.
Mike Yuan [Thu, 3 Aug 2023 13:42:00 +0000 (21:42 +0800)]
vconsole: support KEYMAP=kernel for preserving kernel keymap
Follow-up for #26089 and #28505
Currently, if default-keymap is not empty, there's no way
to ask vconsole-setup to retain the kernel keymap. Let's
accept a special value "kernel" for that purpose.
Addresses the problem mentioned in https://github.com/systemd/systemd/pull/28505#issuecomment-1663681665
Kernel patch [1] fixed bugs in rfkill handling on MSI Wind U100. Now
that the HW rfkill reports the correct state, and the SW rfkill is
controllable from userspace, it's necessary to mute KEY_WLAN and
KEY_BLUETOOTH generated on HW rfkill state changes. Otherwise, the
userspace will react to these keys and toggle the SW rfkill as well,
which is not desired, because the user may end up with non-functional
radios if HW and SW rfkills are out of sync.
Blocking these keycodes doesn't impair user experience, because the
desktop environment can still react to HW rfkill events and act
accordingly (for example, show notifications).
While at it, use "unknown" instead of "reserved" to mute keys, to avoid
the "atkbd serio0: Unknown key pressed" flood in dmesg.
This partially revert 0454cf05d38d289474ca65c1917d414b2958f6b5.
The executable actually does not work with itself, but needs to be
combined with test-udev.py. But, even so, the executable is for testing.
In the next commit, test and normal executables are declared in the same
way, and naming of the executable becomes essential to classify them.
Let's rename the executable and prefix with 'test-'.
Daan De Meyer [Tue, 1 Aug 2023 19:38:39 +0000 (21:38 +0200)]
repart: Add --copy-from option
--copy-from synthesizes partition definitions from the given image
which are then applied to the repart algorithm. In its most basic
form, this allows copying an image to another device but it can
also be combined with --definitions to copy + add partitions in the
same call to repart.
Yu Watanabe [Wed, 2 Aug 2023 14:33:14 +0000 (23:33 +0900)]
udev: decrease devlink priority for encrypted partitions
Decrease devlink priority for encrypted partitions, and make the priority for
decrypted DM devices relatively higher. This is for the case that an encrypted
partition and its decrypted DM device have the same label.
Khem Raj [Wed, 2 Aug 2023 17:33:48 +0000 (10:33 -0700)]
include sys/file.h for LOCK_EX
Fixes
| ../git/src/basic/user-util.c:708:30: error: use of undeclared identifier 'LOCK_EX'; did you mean 'LOCK_BSD'?
| 708 | r = unposix_lock(fd, LOCK_EX);
| | ^~~~~~~
| | LOCK_BSD
This is clearly a change that can break existing units, and broke my
system in at least two different ways. For this reason this should have
been added to NEWS in #26458, specifically c2da3bf, but wasn't.
Yu Watanabe [Wed, 2 Aug 2023 17:12:10 +0000 (02:12 +0900)]
network-generator: make network file generated from ip=dhcp matches only physical interfaces
Otherwise, it also matches later created virtual devices, and that
breaks networks generated and managed by container management services,
like docker.
Jan Janssen [Wed, 2 Aug 2023 14:00:07 +0000 (16:00 +0200)]
boot: Fix boot counting for XBOOTLDR entries
We were passing the dir handle for the ESP to
config_entry_bump_counters(), which will obviously fail if the entry
actually resides on the XBOOTLDR partition.
Jan Janssen [Wed, 2 Aug 2023 13:16:33 +0000 (15:16 +0200)]
bless-boot: Actually return successfully
$ journalctl -u systemd-bless-boot.service
systemd[1]: Starting Mark the Current Boot Loader Entry as Good...
systemd-bless-boot[536]: Marked boot as 'good'. (Boot attempt counter is at 2.)
systemd-bless-boot[536]: Can't find boot counter source file for '/loader/entries/arch.conf': Device or resource busy
systemd[1]: Finished Mark the Current Boot Loader Entry as Good.
Yu Watanabe [Tue, 1 Aug 2023 13:30:57 +0000 (22:30 +0900)]
udev-builtin-net_id: first parse USB or BCMA identifier, then parse PCI properties
Previously, we first generate names based on the PCI slot and ACPI
onboard index, and then append an identifier based on USB or BCMA bus
if it exists in between the PCI bus and the interface.
However, if there exists USB or BCMA bus, the name based on the
ACPI onboard index is not used.
So, let's invert the order; first generate USB or BCMA identifier if the
bus exists, then prepend the name with the PCI slot identifier.
With this change, we can drop Names struct, and each naming logic
becomes self-consistent.
Yu Watanabe [Tue, 1 Aug 2023 05:27:25 +0000 (14:27 +0900)]
udev-builtin-net_id: split out names_pci_onboard_label() from dev_pci_onboard()
Then call it only when it is necessary. The label is used only when the
interface is directly connected to the PCI bus, and it does not have the
SR-IOV feature (or the naming based on SR-IOV is disabled).
Curtis Klein [Fri, 5 May 2023 23:17:13 +0000 (16:17 -0700)]
watchdog: Allow the watchdog to be disabled at runtime
manager_{get|set|override}_watchdog check the validity of the new
timeout or the overridden timeout values using timestamp_is_set which
does not recognize "0" as a valid value. However since f16890f, "0"
indicates a disabled watchdog and so is a value we should be able to
configure in order to disable the watchdog. A value of USEC_INFINITY is
considered a no-op. The behavior should be the same for all watchdog
timeout configurations (runtime, pretimeout, and shutdown).
David Rheinsberg [Mon, 17 Jul 2023 10:17:56 +0000 (12:17 +0200)]
basic/memfd: fix memfd_map() seal test
Private mappings are required when F_SEAL_WRITE is set on a memfd,
because otherwise you could end up with writable mappings through
mprotect() and other calls. This is a limitation of the kernel
implementation, and might be lifted by future extensions.
Regardless, the current code tests for the full `is_sealed()` before
using MAP_PRIVATE. This might end up using MAP_SHARED for write-sealed
memfds, which will be refused by the kernel.
Fix this and make memfd_map() check for exactly `F_SEAL_WRITE`.
projects / thirdparty / systemd.git / log
