The tool initially just measured the boot phase, but was subsequently
extended to measure file system and machine IDs, too. At AllSystemsGo
there were request to add more, and make the tool generically
accessible.
Hence, let's rename the binary (but not the pcrphase services), to make
clear the tool is not just measureing the boot phase, but a lot of other
things too.
The tool is located in /usr/lib/ and still relatively new, hence let's
just rename the binary and be done with it, while keeping the unit names
stable.
While we are at it, also move the tool out of src/boot/ and into its own
src/pcrextend/ dir, since it's not really doing boot related stuff
anymore.
mkosi: Run meson and ninja as the user invoking mkosi
Latest mkosi sets $MKOSI_UID and $MKOSI_GID to the uid/gid of the
user running mkosi. Let's make use of this to run meson setup and
ninja as the user running mkosi, so that if we execute git as a
subprocess during meson setup, it doesn't complain about unsafe
directories. This also makes sure all the build artifacts are owned
on the host by the user running mkosi.
This commit adds hwdb entry for Miglia Technology Harmony Audio (HA02).
The device is an application of OXford Semiconductor FW970 and will be
supported by ALSA oxfw driver in future.
On slower/overloaded systems it may take a bit for the swtpm socket
to show up:
I: Started swtpm as PID 189419 with state dir /tmp/tmp.pWqUutuGUj
I: Configured emulated TPM2 device tpm-spapr
+ tee /var/tmp/systemd-test-TEST-70-TPM2_1/console.log
+ timeout --foreground 1200 /bin/qemu-system-ppc64le -smp 4 ...
qemu-system-ppc64le: -chardev socket,id=chrtpm,path=/tmp/tmp.pWqUutuGUj/sock: Failed to connect to '/tmp/tmp.pWqUutuGUj/sock': No such file or directory
E: qemu failed with exit code 1
Spotted regularly in the ppc64le cron job and in some Ubuntu CI/CentOS CI
pr runs [0].
We can't do anything about them anyway, and most importantly this seems
to alleviate systemd/systemd-centos-ci#660, which should make the CIs
a bit less angry (at least until the issue is addressed properly).
I recently tried adding a FIDO2-Device as an unlocking method to the LUKS2 partition containing my Fedora install.
When trying to do this, I stumbled upon the here edited man files detailing how to do this.
I however could not unlock my partition with my FIDO2-Device after editing /etc/crypttab and rebooting.
As I found out after a while, I needed to regenerate / update my currently running / used initramfs (https://unix.stackexchange.com/a/705809).
This would have most likely solved itself for me with the next kernel update install (as far as I understand).
So I propose changing the files edited here to recommend or at least inform the user about this.
repart: Don't fail on boot if we can't find the root block device
When booting from virtiofs, we won't be able to find a root block
device. Let's gracefully handle this similar to how we don't fail
if we can't find a GPT partition table.
mkosi: Don't skip initrd dependency when building a directory image
mkosi now supports booting directory images in qemu using virtiofs.
However, until distribution kernels build the virtiofs driver directly
into the kernel, we need an initrd to make this work, so make sure to
pull in the initrd preset when building a directory image that could be
bootable to make this work.
network: make DEFINE_NETDEV_CAST() assert on input and output
The macro used to return NULL if input was NULL or had the wrong type. Now
it asserts that input is nonnull and it has the expected type.
There are a few places where a missing or mismatched type was OK, but in a
majority of places, we would do both of the asserts. In various places we'd
only do one, but that was by ommission/mistake. So moving the asserts into the
macro allows us to save some lines.
We have two fields: inherit and ttl, and ttl is ignored if inherit is true.
Setting TTL=inherit and later TTL=n would not work because we didn't unset
inherit.
network/fou-tunnel: simplify parsing of protocol number
Previously, we would call parse_ip_protocol(), which internally calls
safe_atoi(), and then call safe_atou(). This isn't terrible, but it's also
slightly confusing. Use parse_ip_protocol_full() to avoid the second call.
shared/ip-procotol-list: generalize and rework parse_ip_protocol()
Optionally, accept protocols that don't have a known name.
Avoid any allocations in the common case.
Return more granular error codes: -ERANGE for negative values,
-EOPNOTSUPP if the protocol is a valid number, but we don't know
the protocol, and -EINVAL only if it's not a numerical string.
network: use a common helper to parse bounded ranges
This compresses repetetive code and makes it easier to add new options
in networkd. The formatting of error messages becomes uniform. The
error message always specifies the rvalue literally, instead of using
a "descriptive name". This makes the message much easier to handle for
the user.
I opted to add just one parser, and wrap it with inline functions to proxy
the type. This is less verbose than copying functions for each type
separately, and the compiler should be able to get rid of the inline wrapper
almost entirely.
asserts are reordered to use the same order as the parameter list.
This makes the code easier to read.
No functional change intended, apart from the difference in error message
formatting.
Adam Williamson [Tue, 19 Sep 2023 23:06:26 +0000 (16:06 -0700)]
find_legacy_keymap: extend variant match bonus again
If the column is "-" and the X context variant specifer only
contains commas, we should also give the match bonus. The variant
string is supposed to be a comma-separated list as long as the
list of layouts, so it's quite natural for consumers to be written
in such a way that they pass a string only containing commas if
there are multiple layouts and no variants. anaconda is a real
world case that does this.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Installing ukify.py doesn't require a working UEFI architecture, but
only that the bootloader option is enabled (and python3). On Debian
Arch: all packages (like python scripts) can theorethically be built
on any builder with any architecture, so there's no guarantee that
it will actually be an EFI-enabled architecture to do that package build.
Relax the requirement to check only for the ukify config option.
For file:// links, we urlify the link so that the user can click and either
open the file in a editor or some viewer. The detection is chosen via some
mechanism implemented by the terminal emulator. This seems too DTRT for text
files and PDFs, which should cover the majority of realistic cases. If the file
is not viable, the terminal emulator will say
"Could not open file://…. No application is registered to view this file type."
or similar.
For all other links, which are primarily http:// and https://, we just show the
link, letting the terminal handle the hyperlinking. The user can then ctrl-click
and open the file it their browser. If we tried to open the files automatically,
we'd would need to open many pages, and we'd need to figure out what browser to
use, etc. When the user picks whether to open the file, this leads to a nicer
user experience.
Man pages are separated by an empty line from preceding in and following output.
In my testing, this makes the output easier to read. A bit of explicit flushing
is needed to make sure that various outputs are not interleaved.
When running unprivileged, 'DESTDIR=… meson install -C build --quiet --no-rebuild'
would emit two warnings:
'…/var/log/journal': Unable to set owner 'root' and group 'root': Operation not permitted, ignoring...
'…/var/log/journal/remote': Unable to set owner 'root' and group 'root': Operation not permitted, ignoring...
Those were the only two install_emptydir()s that specified ownership.
Let's drop the user/group specification to get rid of the warning.
When installing as root, we will create a root-owned directory anyway.
When not running as root, we cannot create a root-owned directory.
So this specification only makes a difference if we are running as root,
and the directory already existed, and was not owned by root. In that case,
I think it's actually better to leave the existing modification in place.
(E.g. maybe the admin chgrp'ed the ownership for whatever reason. We might
just as well leave that in place.)
Note, previously, we set 1 second if the time value is zero.
But the adjustment is dropped now, as for the lifetime we have explicit
check that the message has non-zero lifetime, and for T1 and T2 we have
better adjustment in client_set_lease_timeouts().
This splits sd_dhcp6_lease_get_address() into small pieces,
and introduce FOREACH_DHCP6_ADDRESS() macro.
Also, the lifetimes provided by _get_address_lifetime() are now in usec,
and _get_address_lifetime_timestamp() provides timestamp.
Otherwise, sd_journal_previous() -> real_journal_next(DIRECTION_UP) ->
next_beyond_location() wrongly handles that previously we hit EOF of
the file, and returns 0 without finding a matching entry.
Let's replace the "compat" module in our proposed nsswitch.conf
configuration with "files", since it is not 1995 anymore.
Fedora and other distros have deprecated and removed NIS support a while
back. While others still retain some support I am not sure we should
advertise it in our examples. Downstream can of course still use
"compat" instead of "files" if they want to, but let's not confuse
people who don't care about NIS anymore with this.
Also, bring the nsswitch.conf snippet in README in line with what our
man pages say.
Also see: https://fedoraproject.org/wiki/Changes/retire_NIS_user_space_utils
Valentin David [Tue, 19 Sep 2023 18:31:04 +0000 (20:31 +0200)]
dissect: Accept signature for usr+usr-verity+usr-verity-sig images
An image with usr+usr-verity+usr-verity-sig without sidecar files would not be
detected as signed because it would looke for root-verity-sig instead. Because
dissect was not able to detect it, it also made /usr sysexts using an usr
partition to not be mounted with verity.
Also adds a brief paragraph about initrd transitions. (Plymouth really
should start using the fdstore for pinning DRM objects, and stop trying
to survive the initrd→host transition)
This compares two PidRef structures via the pid_t field. Ideally we'd do
a stricter comparison here, that is safe towards PID reuse, but so far
the pidfd API lacks suitable mechanisms for that, hence do the best we
can do.
DTBs can map and assign arbitrary memory ranges. The kernel refuses
to load one from the dtb= kernel command line parameter when secure
boot is enabled, as it's not safe. Let's do the same for type 1
entries, as they are unverified.
This only affects arm64 and riscv64, firmwares do not support DTB
on x86.
scope: only stop watching processes when we go down
Let's not stop watching processes on every scope state change. This
corrects behaviour when a scope is being enqueued and hasn't started
yet, but has processes associated to it already. previously, if we'd doa
full PID 1 reload we'd stop watching those pids. With this change we'll
continue watching them in that case, and only stop watching them when
the scope unit really shuts down after first being up.
We only need a separate mount namespace if we're operating on a
btrfs block device so let's make sure we only unshare the mount
namespace if that's the case.
boot: use separate SBAT project names for stub and boot
The implementations are not 100% overlapping, so use different identifiers, so
that revocations can be done independently. e.g.: a bug that affects only
sd-boot won't necessarily cause old UKIs to be revoked.
projects / thirdparty / systemd.git / log
