git.ipfire.org Git - thirdparty/systemd.git/log
17 months ago Fix tense in SD_MESSAGE_SHUTDOWN_STR
Andrew Sayers [Wed, 29 Jan 2025 11:03:00 +0000 (11:03 +0000)] 
Fix tense in SD_MESSAGE_SHUTDOWN_STR

This is printed by bus_manager_log_shutdown() in logind-dbus.c,
near the start of the shutdown process.

Clarify that events *will* happen, long after this message is sent.

17 months ago Reduce priority of "cleared HibernateLocation" message
Andrew Sayers [Wed, 29 Jan 2025 13:13:04 +0000 (13:13 +0000)] 
Reduce priority of "cleared HibernateLocation" message

This message appears when a computer hibernates, then awakens, then reboots,
and everything goes OK.  It's a normal progress message the user doesn't need
to know about, but it distracts them from important startup messages and could
even train them to ignore the warning when the procedure fails.

Reduce the level to LOG_INFO.

17 months ago cryptenroll,repart: print a log message if no access restrictions are applied to... 36200/head
Lennart Poettering [Wed, 29 Jan 2025 14:13:35 +0000 (15:13 +0100)] 
cryptenroll,repart: print a log message if no access restrictions are applied to TPM-based encryption

17 months ago cryptenroll/repart/creds: no longer default to binding against literal PCR 7
Lennart Poettering [Tue, 28 Jan 2025 08:48:48 +0000 (09:48 +0100)] 
cryptenroll/repart/creds: no longer default to binding against literal PCR 7

PCR 7 covers the SecureBoot policy, in particular "dbx", i.e. the
denylist of bad actors. That list is pretty much as frequently updated
as firmware these days (as fwupd took over automatic updating). This
means literal PCR 7 policies are problematic: they likely break soon,
and are as brittle as any other literal PCR policies.

Hence, pick safer defaults, i.e. exclude PCR 7 from the default mask.
This means the mask is now empty.

Generally, people should really switch to signed PCR policies covering
PCR 11, in combination with systemd-pcrlock for the other PCRs.

17 months ago pe: do not warn about .initrd addons
Luca Boccassi [Thu, 30 Jan 2025 01:51:05 +0000 (01:51 +0000)] 
pe: do not warn about .initrd addons

We now support them, so stop warning about them.

17 months ago Fix inversion of timesyncd_usec/epoch_usec variables in clock-warp.c
Devilish Spirits [Wed, 29 Jan 2025 20:54:27 +0000 (21:54 +0100)] 
Fix inversion of timesyncd_usec/epoch_usec variables in clock-warp.c

In clock_apply_epoch() function, the /usr/lib/clock-epoch timestamp was set to timesyncd_usec instead of epoch_usec and vice-versa which produced a misleading log message about the clock source systemd used for early clock sanitization. This trivial commit fixes the mistake.

17 months ago tree-wide: remove some spurious newlines
Nick Rosbrook [Wed, 29 Jan 2025 13:57:44 +0000 (08:57 -0500)] 
tree-wide: remove some spurious newlines

Specifically, remove double newlines, and newlines before '}'.

17 months ago meson: generate keyboard-keys-list from local input.h
Alex Xu (Hello71) [Tue, 28 Jan 2025 22:17:01 +0000 (17:17 -0500)] 
meson: generate keyboard-keys-list from local input.h

otherwise it will use the system input.h which will fail to build if
newer than the bundled version

Fixes: 0a73c8e7b8 ("linux: import input.h and friends")

17 months ago ukify: Calculate section size more correctly 36215/head
Daan De Meyer [Wed, 29 Jan 2025 13:44:27 +0000 (14:44 +0100)] 
ukify: Calculate section size more correctly

We should only use Misc_VirtualSize if it's smaller than SizeOfRawData,
since in that case it'll be the non-aligned section size. Otherwise we
have to use SizeOfRawData to get the size on disk.

17 months ago ukify: Fix two typing issues
Daan De Meyer [Wed, 29 Jan 2025 13:43:06 +0000 (14:43 +0100)] 
ukify: Fix two typing issues

17 months ago docs: fix plural form
Lennart Poettering [Wed, 29 Jan 2025 12:13:31 +0000 (13:13 +0100)] 
docs: fix plural form

Addresses: https://github.com/systemd/systemd/pull/36133#discussion_r1932816287

17 months ago userdb: move filter of user/group records to the varlink server side (#36133)
Lennart Poettering [Wed, 29 Jan 2025 12:11:38 +0000 (13:11 +0100)] 
userdb: move filter of user/group records to the varlink server side (#36133)

In v257 userdbctl gained support for filtering user records with fuzzy
matching and some other parameters. It was done on the client side only.
This PR adds server-side matching, by extending the generic userdb
varlink api.

The api is generic and may have many other implementors, hence care is
taken to fallback to exclusively client side filtering in case the
service does not support the new parameters.

In fact I even opted to not actually implement server-side filtering in
any services but systemd-userdbd.service, because it's probably not too
much an optimization in relevant services (we might want to revisit this
later). By implementing it in userdbd the primary entrypoint for userdb
is however covered: the multiplexer interface which provides a single
interface for the multitude of backends. Or in other words: the
multiplexer itself supports server-side filtering even if its own
backends don't, and will hide this neatly away.

One nice side effect from not implementing server side filtering for all
our backends is that the fallback codepaths are comprehensively tested.

Note that this adds some unit tests but no new integration test for all
this, as the filtering tests for userdbctl already existed before, we
just move their implementation from the client to the server side.

17 months ago update TODO
Lennart Poettering [Tue, 28 Jan 2025 16:41:13 +0000 (17:41 +0100)] 
update TODO

17 months ago TEST-07-PID1: add reproducer for issue #35190 36186/head
Yu Watanabe [Mon, 27 Jan 2025 13:24:16 +0000 (22:24 +0900)]
TEST-07-PID1: add reproducer for issue #35190

17 months ago core/unit: remove path to transient unit file from unit name maps on stop
Yu Watanabe [Tue, 28 Jan 2025 01:09:32 +0000 (10:09 +0900)] 
core/unit: remove path to transient unit file from unit name maps on stop

Fixes #35190.

17 months ago unit-file: introduce unit_file_remove_from_name_map()
Yu Watanabe [Tue, 28 Jan 2025 00:55:12 +0000 (09:55 +0900)] 
unit-file: introduce unit_file_remove_from_name_map()

17 months ago strv: introduce string_strv_hashmap_remove()
Yu Watanabe [Mon, 27 Jan 2025 23:50:14 +0000 (08:50 +0900)] 
strv: introduce string_strv_hashmap_remove()

17 months ago man: Update nss-myhostname.xml to reflect files
AndreFerreiraMsc [Tue, 28 Jan 2025 13:11:58 +0000 (14:11 +0100)] 
man: Update nss-myhostname.xml to reflect files

17 months ago network: bridge: add support for configuring locked ports (#36150)
Yu Watanabe [Tue, 28 Jan 2025 19:16:20 +0000 (04:16 +0900)] 
network: bridge: add support for configuring locked ports (#36150)

"Recently" (as of 5.18) the Linux kernel gained the ability of locking
bridge ports to restrict network access to authenticated hosts only.

This is implemented by disabling automated learning and dropping
incoming traffic from unknown hosts. User space is then expected to add
fdb entries for authenticated hosts. Once a fdb entry exists, traffic for
that host will be forwarded as expected.

This was later extended with "Mac Authentication Bypass", where the
locking was extended to fdb entries. In this mode the kernel adds fdb
entries again automatically, but they are locked by default.

To properly configure this, add two network options and one netdev
option:

* `LinkLocalLearning=` to prevent the kernel from creating unlocked
  entries based on link-local traffic, which would bypass any
  authentication. Needed when enabling learning on a locked port.
* `Locked=` to allow setting a bridge port to locked.
* `MACAuthenticationBypass=` to allow enabling Mac Authentication
  Bypass on a port. Requires learning to be enabled on the port as well
  (and consequently `LinkLocalLearning` disabled on the bridge).

An authenticator (e.g. hostapd) is still needed to do the actual
authentication, the kernel only provides the access control.

17 months ago Minor fixes for ukify tests (#36197)
Luca Boccassi [Tue, 28 Jan 2025 18:49:42 +0000 (18:49 +0000)] 
Minor fixes for ukify tests (#36197)

17 months ago wait-online: add initial support for waiting for DNS (#34640)
Luca Boccassi [Tue, 28 Jan 2025 17:33:39 +0000 (17:33 +0000)] 
wait-online: add initial support for waiting for DNS (#34640)

Add a new flag, `--dns`, to systemd-networkd-wait-online to allow
waiting for DNS to be configured. The `--dns` flag respects the `--ipv4`
and `--ipv6` flags, as well as `--interface=` and `--any`.

17 months ago test: support slow test-ukify on Debian/Ubuntu 36197/head
Luca Boccassi [Sun, 26 Jan 2025 17:35:06 +0000 (17:35 +0000)] 
test: support slow test-ukify on Debian/Ubuntu

Kernels are installed in /boot/ so find them there too

17 months ago test: use local stub if available in test-ukify
Luca Boccassi [Sun, 26 Jan 2025 19:50:22 +0000 (19:50 +0000)] 
test: use local stub if available in test-ukify

It might not be available on a CI system in the system
path, so use the local one if it was built

17 months ago ukify: Add --sign-profile
Daan De Meyer [Tue, 28 Jan 2025 08:38:26 +0000 (09:38 +0100)] 
ukify: Add --sign-profile

Let's allow configuring which UKI profiles we generate signed PCR
measurements for since there are various types of profiles for
which we do not want to generate signed PCR measurements so that they
can not unlock the encrypted rootfs.

Fixes #36173.

17 months ago bootctl: move print block device path calls to command section of its own
Lennart Poettering [Tue, 28 Jan 2025 14:24:51 +0000 (15:24 +0100)] 
bootctl: move print block device path calls to command section of its own

17 months ago test: install stub package for test-ukify unit test
Luca Boccassi [Sun, 26 Jan 2025 20:06:36 +0000 (20:06 +0000)] 
test: install stub package for test-ukify unit test

17 months ago networkd-test: add basic tests for systemd-networkd-wait-online --dns 34640/head
Nick Rosbrook [Tue, 22 Oct 2024 14:00:49 +0000 (10:00 -0400)] 
networkd-test: add basic tests for systemd-networkd-wait-online --dns

17 months ago test: add test for resolved SubscribeDNSConfiguration API
Nick Rosbrook [Tue, 22 Oct 2024 14:06:11 +0000 (10:06 -0400)] 
test: add test for resolved SubscribeDNSConfiguration API

17 months ago test: cleanup after testcase_12_resolvectl2
Nick Rosbrook [Wed, 23 Oct 2024 20:31:00 +0000 (16:31 -0400)] 
test: cleanup after testcase_12_resolvectl2

17 months ago wait-online: add support for waiting for DNS configuration
Nick Rosbrook [Thu, 19 Sep 2024 19:59:50 +0000 (15:59 -0400)] 
wait-online: add support for waiting for DNS configuration

Add a new flag to systemd-networkd-wait-online, --dns, to allow waiting
for DNS to be configured.

DNS is considered configured when at least one DNS server is accessible.
If a link has the property DefaultRoute=yes (either by explicit
configuration, or because there are no routing-only domains), or if the
search domain '.' is configured, wait for link-specific DNS to be
configured. Otherwise, global DNS servers may be considered.

17 months ago network: bridge: add support for IFLA_BRPORT_MAB 36150/head
Jonas Gorski [Fri, 24 Jan 2025 12:15:06 +0000 (13:15 +0100)] 
network: bridge: add support for IFLA_BRPORT_MAB

Since linux commit a35ec8e38cdd1766f29924ca391a01de20163931 ("bridge:
Add MAC Authentication Bypass (MAB) support"), included since v6.2, it
is possible to enable MAC Authentication Bypass for bridge ports. In
this mode the locked port learns again, but the learned fdb entries are
locked, allowing user space to unlock hosts based on seen MAC addresses.

This requires learning to be enabled on the port, and link-local
learning disabled for the bridge.

Add support to systemd-network for setting the new attribute for bridge
ports.

17 months ago network: bridge: add support for IFLA_BRPORT_LOCKED
Jonas Gorski [Mon, 2 Dec 2024 10:54:09 +0000 (11:54 +0100)] 
network: bridge: add support for IFLA_BRPORT_LOCKED

Since linux commit a21d9a670d81103db7f788de1a4a4a6e4b891a0b ("net:
bridge: Add support for bridge port in locked mode"), included since
v5.18, it is possible to set bridge ports to locked.

Locked ports do not learn automatically, and discard any traffic from
unknown source MACs. To allow traffic, the userspace authenticator is
expected to create fdb entries for authenticated hosts.

Add support to systemd-network for setting the new attribute for bridge
ports.

17 months ago network: bridge: add support for NO_LL_LEARN
Jonas Gorski [Tue, 10 Dec 2024 15:45:20 +0000 (16:45 +0100)] 
network: bridge: add support for NO_LL_LEARN

When using locked ports on a bridge, link-local learning needs to be
disabled to prevent the kernel from learning and automatically unlocking
hosts based on link-local traffic.

So add support for enabling NO_LL_LEARN for bridges.

17 months ago core: add trigger to path unit debug log
Luca Boccassi [Mon, 27 Jan 2025 20:30:16 +0000 (20:30 +0000)] 
core: add trigger to path unit debug log

Useful for debugging, given it's already logging and the trigger
is known, add it

17 months ago kbd-model-map: add a georgian mapping
Adam Williamson [Fri, 10 Jan 2025 21:01:47 +0000 (13:01 -0800)] 
kbd-model-map: add a georgian mapping

https://github.com/legionus/kbd/pull/127 adds a Georgian mapping
to kbd. console-setup already has one. Let's support it here, so
it's used for Georgian installs on distros that use this table.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

17 months ago tty-ask-password-agent: use free_and_strdup_warn() for arg_device (#36198)
Lennart Poettering [Tue, 28 Jan 2025 06:22:17 +0000 (07:22 +0100)] 
tty-ask-password-agent: use free_and_strdup_warn() for arg_device (#36198)

17 months ago tty-ask-password-agent: use free_and_strdup_warn() for arg_device 36198/head
Mike Yuan [Tue, 28 Jan 2025 01:07:16 +0000 (02:07 +0100)] 
tty-ask-password-agent: use free_and_strdup_warn() for arg_device

Follow-up for 68cf1fc34d3e86a664fb948d413e1db4a24e16dd

Fixes CID#1590840

17 months ago tty-ask-password-agent: assert that ask_on_consoles() is called without arg_device
Mike Yuan [Tue, 28 Jan 2025 01:09:52 +0000 (02:09 +0100)] 
tty-ask-password-agent: assert that ask_on_consoles() is called without arg_device

17 months ago resolved: add SubscribeDNSConfiguration to varlink API
Nick Rosbrook [Fri, 11 Oct 2024 18:44:44 +0000 (14:44 -0400)] 
resolved: add SubscribeDNSConfiguration to varlink API

Add a new method to io.systemd.Resolve.Monitor that allows subscribing
to changes in the systemd-resolved DNS configuration. The new method
emits the full DNS configuration (one entry for global configuration,
and one entry for each interface), any time the configuration is
updated.

17 months ago update TODO 36133/head
Lennart Poettering [Wed, 22 Jan 2025 22:27:54 +0000 (23:27 +0100)] 
update TODO

17 months ago homectl: port has_regular_user() + acquire_group_list() to use server-side filtering
Lennart Poettering [Wed, 22 Jan 2025 15:53:01 +0000 (16:53 +0100)] 
homectl: port has_regular_user() + acquire_group_list() to use server-side filtering

17 months ago userdbd: implement server side filtering in the Multiplexer API
Lennart Poettering [Wed, 22 Jan 2025 15:45:52 +0000 (16:45 +0100)] 
userdbd: implement server side filtering in the Multiplexer API

This implements server side filtering in userdbd's multiplexer logic.
Note that this means that even if some backend doesn't support it
natively the multiplexer will deal with it and apply the filtering as
necessary.

17 months ago userdb: move UserDBMatch handling from userdbctl into generic userdb code to allow...
Lennart Poettering [Wed, 22 Jan 2025 15:40:47 +0000 (16:40 +0100)] 
userdb: move UserDBMatch handling from userdbctl into generic userdb code to allow it to be done server side

This moves around the UserDBMatch handling, moves it out of userdbctl
and into generic userdb code, so that it can be passed to the server
side, to allow server side filtering.

This is preparation for one day allowing complex software to do such
filtering server side, and thus reducing the necessary traffic.

Right now no server side actually knows this, hence care is taken to
downgrade to the userdb varlink API as it was in v257 in case the new
options are not understood. This retains compatibility with any
implementation hence.

17 months ago varlink: add new calls for server-side user record filtering to varlink IDL + to...
Lennart Poettering [Wed, 22 Jan 2025 15:27:14 +0000 (16:27 +0100)] 
varlink: add new calls for server-side user record filtering to varlink IDL + to spec

This is preparation for adding server side filtering to the userdb
logic: it adds some fields for this to the userdb varlink API. This only
adds the IDL for it, no client will use it for now, no server implement
it. That's added in later commits.

17 months ago user-record: add some helpers for working with UserDBMatch
Lennart Poettering [Wed, 22 Jan 2025 15:26:53 +0000 (16:26 +0100)] 
user-record: add some helpers for working with UserDBMatch

17 months ago user-record: rename USER_DISPOSITION_MASK_MAX → USER_DISPOSITION_MASK_ALL
Lennart Poettering [Fri, 24 Jan 2025 21:15:29 +0000 (22:15 +0100)]
user-record: rename USER_DISPOSITION_MASK_MAX → USER_DISPOSITION_MASK_ALL

On request by yuwata.

17 months ago user-record: add helper for dispatching a disposition mask
Lennart Poettering [Tue, 21 Jan 2025 11:53:02 +0000 (12:53 +0100)] 
user-record: add helper for dispatching a disposition mask

17 months ago mkosi: add loongarch64 to Debian's list of EFI arches
Luca Boccassi [Sat, 25 Jan 2025 01:21:30 +0000 (01:21 +0000)] 
mkosi: add loongarch64 to Debian's list of EFI arches

17 months ago udev: add input/by-{id,path} symlinks for hidraw devices
Nick Rosbrook [Fri, 24 Jan 2025 20:42:38 +0000 (15:42 -0500)] 
udev: add input/by-{id,path} symlinks for hidraw devices

Take some of the same rule structure from 60-persistent-input.rules, and
apply it to hidraw devices in 60-persistent-hidraw.rules.

Since one of the motivations for this is being able to easily reference
FIDO tokens, add a special case when ID_FIDO_TOKEN==1, and add 'fido'
to the symlink.

17 months ago Fix typo
ver4a [Mon, 27 Jan 2025 18:20:44 +0000 (19:20 +0100)] 
Fix typo

17 months ago resolved: add link_get_default_route helper
Nick Rosbrook [Thu, 14 Nov 2024 19:31:07 +0000 (14:31 -0500)] 
resolved: add link_get_default_route helper

The dbus property getter for DefaultRoute does not simply check
link->default_route. Instead, if l->default_route is not explicitly
configured, it checks dns_scope_is_default_route(l->unicast_scope).

Add a link_get_default_route() helper with this logic so that it can be
used for consistency.

17 months ago resolved: add a helper to check if DNS server is accessible
Nick Rosbrook [Tue, 15 Oct 2024 20:30:52 +0000 (16:30 -0400)] 
resolved: add a helper to check if DNS server is accessible

We check this by opening a UDP socket and attempting to connect. We do
not send any traffic on it, but this will tell us if there are routes to
the DNS server.

This will be used in a later commit.

17 months ago varlink-util: add varlink_many_notify
Nick Rosbrook [Tue, 8 Oct 2024 14:19:42 +0000 (10:19 -0400)] 
varlink-util: add varlink_many_notify

We already have varlink_many_notifyb. Just re-factor it slightly and add
a plain varlink_many_notify.

17 months ago resolve: rename varlink_subscription -> varlink_query_results_subscription
Nick Rosbrook [Mon, 7 Oct 2024 15:39:57 +0000 (11:39 -0400)] 
resolve: rename varlink_subscription -> varlink_query_results_subscription

No functional change. Make it more clear that these varlink connections
are subscribed to query results. This prepares for adding SubscribeDNS
to the varlink API.

17 months ago Cleanups around tty_is_vc() and get_kernel_consoles() (#36171)
Daan De Meyer [Mon, 27 Jan 2025 13:43:39 +0000 (14:43 +0100)] 
Cleanups around tty_is_vc() and get_kernel_consoles() (#36171)

Prompted by #36167
Replaces #36167 and #36175

17 months ago mkosi: Update to latest (#36190)
Daan De Meyer [Mon, 27 Jan 2025 13:15:37 +0000 (14:15 +0100)]
mkosi: Update to latest (#36190)

17 months ago Adds asus T103HAF rotation matrix to 60-sensor.hwdb (#36177)
16mc1r [Mon, 27 Jan 2025 13:01:05 +0000 (14:01 +0100)] 
Adds asus T103HAF rotation matrix to 60-sensor.hwdb (#36177)

Rotation Matrix to enable correct auto-rotation with
[iio-sensor-proxy](https://gitlab.freedesktop.org/hadess/iio-sensor-proxy/)
on an Asus Transformer Mini T103HAF with iio-sensor `HID-SENSOR-200073`.
- Tested on KDE Plasma Mobile (Fedora 41), details see inxi report.

Device Details:
- low powered 2in1 convertible with 10.1" screen size, 4core atom cpu
and 4gb ram. Usefull as x86 based tablet with stylus for annotation and
reading.
- [official asus website for the
device](https://www.asus.com/us/laptops/for-home/everyday-use/asus-transformer-mini-t103/)

#### inxi device report
```sh
System:
  Host: ------ Kernel: 6.12.10-200.fc41.x86_64 arch: x86_64 bits: 64
  Console: pty pts/3 Distro: Fedora Linux 41 (KDE Plasma Mobile)
Machine:
  Type: Detachable System: ASUSTeK product: T103HAF v: 1.0 serial: J1N0CX212087050
  Mobo: ASUSTeK model: T103HAF v: 1.0 serial: ---------- UEFI: American Megatrends
    v: T103HAF.306 date: 12/05/2017
CPU:
  Info: quad core model: Intel Atom x5-Z8350 bits: 64
Info:
  Memory: total: 4 GiB
```

### udevadm info output for iio-device
```sh
# iio-device / accelerometer
P: /devices/pci0000:00/0000:00:0a.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8086:0001.0004/HID-SENSOR-200073.3.auto/iio:device0
M: iio:device0
R: 0
U: iio
T: iio_device
D: c 234:0
N: iio:device0
L: 0
E: DEVPATH=/devices/pci0000:00/0000:00:0a.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8086:0001.0004/HID-SENSOR-200073.3.auto/iio:device0
E: DEVNAME=/dev/iio:device0
E: DEVTYPE=iio_device
E: MAJOR=234
E: MINOR=0
E: SUBSYSTEM=iio
E: USEC_INITIALIZED=18119681
E: ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, -1
E: IIO_SENSOR_PROXY_TYPE=iio-poll-accel iio-buffer-accel
E: SYSTEMD_WANTS=iio-sensor-proxy.service
E: TAGS=:systemd:
E: CURRENT_TAGS=:systemd:
```
### Full `udevadm info --export-db`
- as requested in
[60-sensor.hwdb](https://github.com/systemd/systemd/blob/ba0266b376d7cc5205d8a4a3d999aec13c24fe5d/hwdb.d/60-sensor.hwdb#L35)
- [udevadm-info_103HAF.txt](https://github.com/user-attachments/files/18550448/udevadm-info_103HAF.txt)

17 months ago core/dbus-manager: make output argument of transient_unit_from_message() optional
Yu Watanabe [Mon, 27 Jan 2025 00:24:16 +0000 (09:24 +0900)] 
core/dbus-manager: make output argument of transient_unit_from_message() optional

17 months ago mkosi: Add VCS_TAG to PassEnvironment= 36190/head
Daan De Meyer [Mon, 27 Jan 2025 10:27:49 +0000 (11:27 +0100)] 
mkosi: Add VCS_TAG to PassEnvironment=

17 months ago mkosi: Bump minimum version to 25
Daan De Meyer [Mon, 27 Jan 2025 10:26:29 +0000 (11:26 +0100)] 
mkosi: Bump minimum version to 25

Let's require everyone to be on the now officially released mkosi 25.

17 months ago mkosi: Update to latest
Daan De Meyer [Mon, 27 Jan 2025 10:26:13 +0000 (11:26 +0100)] 
mkosi: Update to latest

17 months ago machine: revert type change of "leader" in io.systemd.Machine.Register method
Yu Watanabe [Fri, 24 Jan 2025 19:05:51 +0000 (04:05 +0900)] 
machine: revert type change of "leader" in io.systemd.Machine.Register method

The varlink method io.systemd.Machine.Register() is in v256, hence type
of "leader" cannot be changed.
Let's revert the change by 755cb018c9b3e93245afb86ec94223756ddd70e4, and
introduce another field "leaderProcessId", which takes detailed information
of the process.

Fixes a regression caused by 755cb018c9b3e93245afb86ec94223756ddd70e4.
Fixes #36155.

17 months ago journal-remote: coding style fixlets
Yu Watanabe [Sun, 26 Jan 2025 23:59:05 +0000 (08:59 +0900)] 
journal-remote: coding style fixlets

Co-authored-by: Andrii Chubatiuk <andrew.chubatiuk@gmail.com>

17 months ago man: insert missing varname tag
Ivan Trubach [Sun, 26 Jan 2025 23:49:55 +0000 (08:49 +0900)] 
man: insert missing varname tag

17 months ago strv: drop redundant string_strv_hash_ops
Yu Watanabe [Mon, 27 Jan 2025 03:17:19 +0000 (12:17 +0900)] 
strv: drop redundant string_strv_hash_ops

It is completely equivalent to string_hash_ops_free_strv_free.

17 months ago mount-util: make path_get_mount_info_at() also read utab (#36154)
Yu Watanabe [Sun, 26 Jan 2025 23:45:13 +0000 (08:45 +0900)] 
mount-util: make path_get_mount_info_at() also read utab (#36154)

As "_netdev" is only stored in utab.

Fixes a bug introduced by 5261c521e3a98932241f36e91cf6f7823c578aca.
Fixes #35949.

17 months ago test-network: add test case for Gateway=_dhcp4 with Table= 36183/head
Yu Watanabe [Sun, 26 Jan 2025 20:54:30 +0000 (05:54 +0900)] 
test-network: add test case for Gateway=_dhcp4 with Table=

17 months ago network/dhcp4: Gateway=_dhcp4 also assign DHCP address as preferred source
Yu Watanabe [Sun, 26 Jan 2025 22:07:55 +0000 (07:07 +0900)] 
network/dhcp4: Gateway=_dhcp4 also assign DHCP address as preferred source

With the following, now preferred source address is set to the DHCP
address.
====
[Route]
Gateway=_dhcp4
Table=100
====

Before:
====
$ ip route show table 100 default
default via 192.168.0.1 dev eth0 proto dhcp metric 1024
====

After:
====
$ ip route show table 100 default
default via 192.168.0.1 dev eth0 proto dhcp src 192.168.0.100 metric 1024
====

To avoid the assignment, this also introduces PreferredSource=no.

17 months ago network/dhcp4: create prefix route and route to gateway in the specified table with...
Yu Watanabe [Sun, 26 Jan 2025 20:17:44 +0000 (05:17 +0900)] 
network/dhcp4: create prefix route and route to gateway in the specified table with Gateway=_dhcp4

Previously, the following setting
====
[Route]
Gateway=_dhcp4
Table=100
====
only configured the route in the specified table. But it was mostly
useless. This makes prefix route and route to the gateway also
configured in the specified table.

Before:
====
$ ip route show table 100
default via 192.168.0.1 dev eth0 proto dhcp metric 1024
====

After:
====
$ ip route show table 100
default via 192.168.0.1 dev eth0 proto dhcp metric 1024
192.168.0.0/24 dev eth0 proto dhcp src 192.168.0.100 metric 1024
192.168.0.1 dev eth0 proto dhcp scope link src 192.168.0.100 metric 1024
====

17 months ago network/dhcp4: rename link_prefixroute() -> prefixroute_by_kernel()
Yu Watanabe [Sun, 26 Jan 2025 21:58:06 +0000 (06:58 +0900)] 
network/dhcp4: rename link_prefixroute() -> prefixroute_by_kernel()

No functional change, just refactoring.

17 months ago network/dhcp4: make dhcp4_request_route_to_gateway() take Route object
Yu Watanabe [Sun, 26 Jan 2025 21:16:24 +0000 (06:16 +0900)] 
network/dhcp4: make dhcp4_request_route_to_gateway() take Route object

No functional change, preparation for later commits.

17 months ago network/route: adjust configuration source based on Gateway= setting
Yu Watanabe [Sun, 26 Jan 2025 20:15:48 +0000 (05:15 +0900)] 
network/route: adjust configuration source based on Gateway= setting

If Gateway=_dhcp4/_ra, the route will be anyway configured with
NETWORK_CONFIG_SOURCE_DHCP4/_NDISC. See dhcp4_request_route() and
ndisc_route_prepare().

This is mostly for avoiding link_drop_routes(), which drops unnecessary static
and/or foreign routes, unexpectedly filtering an existing route with the
route specified with Gateway=_dhcp4/_ra.

17 months ago systemctl: fix memleak
Yu Watanabe [Sun, 26 Jan 2025 19:17:27 +0000 (04:17 +0900)] 
systemctl: fix memleak

Fixes a bug introduced by adb6cd9be2b7e9e614d2b5835c7b70cf8eacc852.

Fixes #36178.

17 months ago hwdb: add MSI Claw 8 AT Keyboard Scancodes (#36180)
honjow [Sun, 26 Jan 2025 19:22:19 +0000 (03:22 +0800)] 
hwdb: add MSI Claw 8 AT Keyboard Scancodes (#36180)

This change maps the right face button to F15 and the left one to F16.
Similar to #33669.

17 months ago getty-generator: port to get_kernel_consoles() 36171/head
Mike Yuan [Sat, 25 Jan 2025 19:42:58 +0000 (20:42 +0100)] 
getty-generator: port to get_kernel_consoles()

17 months ago getty-generator: use generator_add_symlink() where appropriate
Mike Yuan [Sat, 25 Jan 2025 19:58:47 +0000 (20:58 +0100)] 
getty-generator: use generator_add_symlink() where appropriate

17 months ago tty-ask-password-agent: do not needlessly spawn subprocesses if there's only one...
Mike Yuan [Sat, 25 Jan 2025 19:30:10 +0000 (20:30 +0100)] 
tty-ask-password-agent: do not needlessly spawn subprocesses if there's only one console

17 months ago terminal-util: make get_kernel_consoles() return > 0 if /dev/console is resolved
Mike Yuan [Sat, 25 Jan 2025 19:19:26 +0000 (20:19 +0100)] 
terminal-util: make get_kernel_consoles() return > 0 if /dev/console is resolved

17 months ago login/pam_systemd: drop redundant vtnr == 0 handling
Mike Yuan [Sat, 25 Jan 2025 21:32:16 +0000 (22:32 +0100)] 
login/pam_systemd: drop redundant vtnr == 0 handling

vtnr_from_tty() treats 0 as invalid.

17 months ago terminal-util: stop doing 0/upper bound check in tty_is_vc()
Mike Yuan [Sun, 26 Jan 2025 00:32:42 +0000 (01:32 +0100)] 
terminal-util: stop doing 0/upper bound check in tty_is_vc()

tty_is_vc() is more often than not used for simple "categorization"
than validity check. E.g. in logind, we first recognize the tty
"looks like vc", and then use vtnr_from_tty() where range check
is performed and vtnr is extracted. In such cases, we want to reject
invalid vtnr from clients rather than silently carry on, hence
let's remove bound check in tty_is_vc().

Fixes #36166
Replaces #36167 and #36175

17 months ago network: fix offset of preference in backward compat option
Yu Watanabe [Sun, 26 Jan 2025 00:41:25 +0000 (09:41 +0900)] 
network: fix offset of preference in backward compat option

Fixes a bug introduced by a10d6e0124bb6e202baef9170b019e2e6a7af1fd.

Fixes oss-fuzz#391916479 (https://issues.oss-fuzz.com/issues/391916479).
Fixes #36172.

17 months ago boot: Improve log message
Daan De Meyer [Sat, 25 Jan 2025 19:42:54 +0000 (20:42 +0100)] 
boot: Improve log message

17 months ago Add loong64 as an option in a few more places (#36163)
Yu Watanabe [Sun, 26 Jan 2025 00:35:42 +0000 (09:35 +0900)] 
Add loong64 as an option in a few more places (#36163)

17 months ago resolved: do not disable mdns/llmnr globally if it's enabled on any link (#36158)
Luca Boccassi [Sat, 25 Jan 2025 10:49:44 +0000 (10:49 +0000)] 
resolved: do not disable mdns/llmnr globally if it's enabled on any link (#36158)

Fixes a regression caused by 2976730a4d34749bfb7a88da341464f1834ab1c6.
Fixes #36078.
Fixes #36126.

Replaces #36153.
Replaces #36156.

17 months ago tools: add loongarch64 to debug-sd-boot script 36163/head
Luca Boccassi [Sat, 25 Jan 2025 01:20:47 +0000 (01:20 +0000)] 
tools: add loongarch64 to debug-sd-boot script

17 months ago ukify: add riscv32 to --efi-arch
Luca Boccassi [Sat, 25 Jan 2025 01:25:28 +0000 (01:25 +0000)] 
ukify: add riscv32 to --efi-arch

It is supported in the arch mapping at the top and in elf2efi, so add it here too

17 months ago ukify: add loongarch64 to --efi-arch
Luca Boccassi [Sat, 25 Jan 2025 01:19:53 +0000 (01:19 +0000)] 
ukify: add loongarch64 to --efi-arch

17 months ago resolved: stop mdns/llmnr if no interface request it after bus method 36158/head
Yu Watanabe [Fri, 24 Jan 2025 19:48:00 +0000 (04:48 +0900)] 
resolved: stop mdns/llmnr if no interface request it after bus method

17 months ago resolved: do not disable mdns/llmnr globally if it's enabled on any link
Yu Watanabe [Fri, 24 Jan 2025 19:48:00 +0000 (04:48 +0900)] 
resolved: do not disable mdns/llmnr globally if it's enabled on any link

Fixes a regression caused by 2976730a4d34749bfb7a88da341464f1834ab1c6.

Fixes #36078.
Fixes #36126.

Co-authored-by: Luca Boccassi <luca.boccassi@gmail.com>

17 months ago man: fix reference to non-existing ukify parameter
Luca Boccassi [Fri, 24 Jan 2025 23:37:33 +0000 (23:37 +0000)] 
man: fix reference to non-existing ukify parameter

The --extend parameter was removed by https://github.com/systemd/systemd/pull/34608
and a --join-profile was added instead, fix leftover reference in manpage

Follow-up for 3891d57c4f768cb648e1a85483216eadae0b101e

17 months ago libmount-util: introduce two helper functions 36154/head
Yu Watanabe [Sat, 25 Jan 2025 00:33:58 +0000 (09:33 +0900)] 
libmount-util: introduce two helper functions

This introduces libmount_parse_mountinfo() and libmount_parse_with_utab().
The former one parses only mountinfo, but the latter one also parses
utab. Hopefully this avoids pitfalls like issue #35949.

17 months ago mount-util: make path_get_mount_info_at() also read utab
Yu Watanabe [Fri, 24 Jan 2025 17:35:21 +0000 (02:35 +0900)] 
mount-util: make path_get_mount_info_at() also read utab

As "_netdev" is only stored in utab.

Fixes a bug introduced by 5261c521e3a98932241f36e91cf6f7823c578aca.
Fixes #35949.

17 months ago homed: when setting up an idmapping map foreign UID range on itself
Lennart Poettering [Fri, 24 Jan 2025 15:54:05 +0000 (16:54 +0100)] 
homed: when setting up an idmapping map foreign UID range on itself

Now that nspawn can run unprivileged off directory trees owned by
the new "foreign" UID range let's make sure homed actually allows
files owned by that range in the home directories.

This is not enough to make nspawn just work in homed home dirs
unfortunately though. That's because homed applies an idmapping, and
nspawn would then need to take that idmapped mount and apply another
one, and the kernel simply doesn't support stacked idmapped mounts.
There's work ongoing to address that in the kernel.

However, this is a first step, and should be enough to make things just
work should the kernel eventually support stacked idmapped mounts.

17 months ago sd-json: silence false positive warning by coverity
Yu Watanabe [Fri, 24 Jan 2025 13:53:13 +0000 (22:53 +0900)] 
sd-json: silence false positive warning by coverity

A JSON object is a set of key and value pairs, hence its number of
elements is a multiple of two, and we know there are at least two elements.

Follow-up for b6a2df630701de0bcf77850ced213d7fc3d0c4de.
Fixes CID#1590724

17 months ago delta: cleanup coding style and add missing error check (#36146)
Yu Watanabe [Fri, 24 Jan 2025 20:30:58 +0000 (05:30 +0900)] 
delta: cleanup coding style and add missing error check (#36146)

17 months ago udev-rules: use sd_device_set_sysattr_value() to write sysfs attribute (#36142)
Yu Watanabe [Fri, 24 Jan 2025 20:30:21 +0000 (05:30 +0900)] 
udev-rules: use sd_device_set_sysattr_value() to write sysfs attribute (#36142)

Then, we can avoid that files outside of sysfs are written by udev ATTR
key.

17 months ago tree-wide: insert a space at the end of comments
Yu Watanabe [Fri, 24 Jan 2025 20:16:27 +0000 (05:16 +0900)] 
tree-wide: insert a space at the end of comments

17 months ago Two HACKING.md improvements (#36152)
Daan De Meyer [Fri, 24 Jan 2025 17:12:10 +0000 (18:12 +0100)] 
Two HACKING.md improvements (#36152)

17 months ago HACKING: Drop run0 from mkosi boot invocation 36152/head
Daan De Meyer [Fri, 24 Jan 2025 16:29:58 +0000 (17:29 +0100)] 
HACKING: Drop run0 from mkosi boot invocation

mkosi will itself use run0 or sudo when not running as root to invoke
systemd-nspawn, so no need to do it in HACKING.md.

17 months ago HACKING: Move OBS section further down
Daan De Meyer [Fri, 24 Jan 2025 16:28:15 +0000 (17:28 +0100)] 
HACKING: Move OBS section further down

HACKING.md should first and foremost tell someone how to hack on
systemd, installing packages from OBS isn't the most likely section
a new contributor will be interested in, so let's move it further
down.