Compare commits

..

1 Commits

Author SHA1 Message Date
Maanya Goenka f3a9cb423e Add version as new column in the list command table output
Add a new column in the list command output table that logs the version of the image name of the extension.
'version' of the image should be the part of the image name string that includes the version and the boot counters
at the end of the filename but excludes the .raw type suffix. This commit modifies the table outputted by the list
command to have the version from the absolute filename displayed alongside the shortened image name.
2024-11-21 18:48:57 +00:00
31 changed files with 96 additions and 163 deletions

View File

@ -1438,11 +1438,6 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11) KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12) KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
########################################################### ###########################################################
# Maxdata # Maxdata
########################################################### ###########################################################

View File

@ -953,15 +953,6 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:* sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Pine64
#########################################
# PineTab2
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
######################################### #########################################
# Pipo # Pipo
######################################### #########################################

View File

@ -265,11 +265,32 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Unlocking</title> <title>Options</title>
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para> <para>The following options are understood:</para>
<variablelist> <variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term> <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -307,45 +328,7 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem> <xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term> <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -378,15 +361,7 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem> <xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term> <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -486,15 +461,7 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem> <xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term> <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -669,15 +636,7 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem> <xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term> <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -9,8 +9,8 @@ msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-21 19:38+0000\n" "PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n" "systemd/main/uk/>\n"
"Language: uk\n" "Language: uk\n"
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
msgid "Update your home area" msgid "Update your home area"
msgstr "Оновлення домашньої області" msgstr "Оновіть свій домашній простір"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої області слід пройти розпізнавання." msgstr "Для оновлення домашньої області потрібна автентифікація."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "Для керування додатковими можливостями слід пройти розпізнавання" msgstr "Для керування додатковими функціями потрібна автентифікація"
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -38,12 +38,19 @@ __get_tpm2_devices() {
done done
} }
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() { _systemd_cryptenroll() {
local comps local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=( local -A OPTS=(
[STANDALONE]='-h --help --version [STANDALONE]='-h --help --version
--password --recovery-key --list-devices' --password --recovery-key'
[ARG]='--unlock-key-file [ARG]='--unlock-key-file
--unlock-fido2-device --unlock-fido2-device
--unlock-tpm2-device --unlock-tpm2-device
@ -109,7 +116,7 @@ _systemd_cryptenroll() {
return 0 return 0
fi fi
comps=$(systemd-cryptenroll --list-devices) comps=$(__get_block_devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0 return 0
} }

View File

@ -3426,12 +3426,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0; return 0;
} }
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll); r = service_add_fd_store(s, fd, fdn, do_poll);
if (r < 0) { if (r < 0) {
log_unit_debug_errno(u, r, log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn); "Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0; return 0;
} }
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) { } else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL; _cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF; _cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n" "\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n" " --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n" " --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS#11 Enrollment:%4$s\n" "\n%3$sPKCS11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n" " --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n" " Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n" "\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
int pidfd = sd_varlink_get_peer_pidfd(v); int pidfd = sd_varlink_get_peer_pidfd(v);
if (pidfd < 0) { if (pidfd < 0) {
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL) if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
return pidfd; return pidfd;
pid_t pid; pid_t pid;

View File

@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret); int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret); int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags); int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
/* Default to PCR 7 only */ /* Default to PCR 7 only */
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7) #define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)

View File

@ -2210,10 +2210,8 @@ static int vl_method_refresh(sd_varlink *link, sd_json_variant *parameters, sd_v
} }
static int parse_version(const char *filename, char **ret) { static int parse_version(const char *filename, char **ret) {
const char *start, *ext_suffix; const char *start, *last_dot_after_underscore;
char *version = NULL; char *version = NULL;
/* We are only looking for extension images here, because for directories, we want a no-op*/
static const char *valid_extensions[] = {".confext.raw", ".sysext.raw", ".raw"};
assert(filename); assert(filename);
assert(ret); assert(ret);
@ -2231,37 +2229,41 @@ static int parse_version(const char *filename, char **ret) {
} }
start ++; start ++;
/* Find the extension suffix, if a valid one is associated with it */ last_dot_after_underscore = strrchr(start, '.');
for (const char **ext = valid_extensions; *ext; ++ext) { if (!last_dot_after_underscore || (*(last_dot_after_underscore + 1) == '\0')) {
ext_suffix = strstr(start, *ext); /* If no dot found or if dot is the last character, treat everything
if (ext_suffix) / after '_' as the version */
break; version = strdup(start);
}
if (!ext_suffix) {
/* If no valid extension filename suffix is found, assign "none" and return success. */
version = strdup("none");
if (!version) if (!version)
return -ENOMEM; return -ENOMEM;
*ret = version; *ret = version;
return 0; return 0;
} }
size_t version_length = ext_suffix - start; if (last_dot_after_underscore[1] && isdigit(last_dot_after_underscore[1])) {
if (version_length == 0) { /* If the last dot is followed by a digit, the version is everything after the underscore
version = strdup("none"); * This is for cases where the extension name is like so: image_0.1 */
version = strdup(start);
if (!version)
return -ENOMEM;
*ret = version;
} else if (last_dot_after_underscore[1] && isalpha(last_dot_after_underscore[1])) {
/* If the last dot is followed by a letter, the version is between the first '_' and the last dot
* This is for cases where the extension name is like so: image_0.1.raw (version is 0.1)
* or image_1.raw (version is 1) */
size_t length = last_dot_after_underscore - start;
version = strndup(start, length);
if (!version)
return -ENOMEM;
*ret = version;
} else {
/* In all other cases assign "n/a" to version */
version = strdup("n/a");
if (!version) if (!version)
return -ENOMEM; return -ENOMEM;
*ret = version; *ret = version;
return 0;
} }
/* Extract the version substring */
version = strndup(start, version_length);
if (!version)
return -ENOMEM;
*ret = version;
return 0; return 0;
} }

View File

@ -23,7 +23,6 @@
#include "user-util.h" #include "user-util.h"
#include "userdb.h" #include "userdb.h"
#include "verbs.h" #include "verbs.h"
#include "virt.h"
static enum { static enum {
OUTPUT_CLASSIC, OUTPUT_CLASSIC,
@ -140,16 +139,10 @@ static int show_user(UserRecord *ur, Table *table) {
return 0; return 0;
} }
static bool test_show_mapped(void) {
/* Show mapped user range only in environments where user mapping is a thing. */
return running_in_userns() > 0;
}
static const struct { static const struct {
uid_t first, last; uid_t first, last;
const char *name; const char *name;
UserDisposition disposition; UserDisposition disposition;
bool (*test)(void);
} uid_range_table[] = { } uid_range_table[] = {
{ {
.first = 1, .first = 1,
@ -182,12 +175,11 @@ static const struct {
.last = MAP_UID_MAX, .last = MAP_UID_MAX,
.name = "mapped", .name = "mapped",
.disposition = USER_REGULAR, .disposition = USER_REGULAR,
.test = test_show_mapped,
}, },
}; };
static int table_add_uid_boundaries(Table *table, const UIDRange *p) { static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
int r, n_added = 0; int r;
assert(table); assert(table);
@ -200,9 +192,6 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
if (!uid_range_covers(p, i->first, i->last - i->first + 1)) if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue; continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN), name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " users ", " begin ", i->name, " users ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -260,11 +249,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same UID */ TABLE_INT, 1); /* sort after any other entry with the same UID */
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
n_added += 2;
} }
return n_added; return ELEMENTSOF(uid_range_table) * 2;
} }
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) { static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
@ -578,22 +565,16 @@ static int show_group(GroupRecord *gr, Table *table) {
} }
static int table_add_gid_boundaries(Table *table, const UIDRange *p) { static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
int r, n_added = 0; int r;
assert(table); assert(table);
FOREACH_ELEMENT(i, uid_range_table) { FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL; _cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1)) if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue; continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN), name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " groups ", " begin ", i->name, " groups ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -645,11 +626,9 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same GID */ TABLE_INT, 1); /* sort after any other entry with the same GID */
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
n_added += 2;
} }
return n_added; return ELEMENTSOF(uid_range_table) * 2;
} }
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) { static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
{% if LINK_SHELL_EXTRA_DROPIN %} {% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
{% if LINK_SSH_PROXY_DROPIN %} {% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# Copy systemd-stub provided metadata such as PCR signature and public key file # Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage # from initrd into /run/, so that it will survive the initrd stage

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
{% if LINK_SSHD_USERDB_DROPIN %} {% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
d /etc/credstore 0700 root root d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root d /etc/credstore.encrypted 0700 root root

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
L /etc/os-release - - - - ../usr/lib/os-release L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts L+ /etc/mtab - - - - ../proc/self/mounts

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
Q /home 0755 - - - Q /home 0755 - - -
q /srv 0755 - - - q /srv 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# Set the NOCOW attribute for directories of journal files. This flag # Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only # is inherited by their new files and sub-directories. Matters only

View File

@ -5,28 +5,26 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# The functionality provided by these files and directories has been replaced # These files are considered legacy and are unnecessary on legacy-free
# by newer interfaces. Their use is discouraged on legacy-free systems. This # systems.
# configuration is provided to maintain backward compatibility.
d /run/lock 0755 root root - d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock L /var/lock - - - - ../run/lock
{% if HAVE_SYSV_COMPAT %}
{% if CREATE_LOG_DIRS %} {% if CREATE_LOG_DIRS %}
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %} {% endif %}
# /run/lock/subsys is used for serializing SysV service execution, and # /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems. # hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root - d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the # /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force' # 'quotacheck.mode=force'
r! /forcefsck r! /forcefsck
r! /fastboot r! /fastboot
r! /forcequotacheck r! /forcequotacheck
{% endif %}

View File

@ -35,7 +35,7 @@ in_files = [
['20-systemd-stub.conf', 'ENABLE_EFI'], ['20-systemd-stub.conf', 'ENABLE_EFI'],
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'], ['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
['etc.conf'], ['etc.conf'],
['legacy.conf'], ['legacy.conf', 'HAVE_SYSV_COMPAT'],
['static-nodes-permissions.conf'], ['static-nodes-permissions.conf'],
['systemd.conf'], ['systemd.conf'],
['var.conf'], ['var.conf'],

View File

@ -1,4 +1,4 @@
# SPDX-License-Identifier: LGPL-2.1-or-later # SPDX-License-Identifier: LGPL-2.1-or-later
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
Q /var/lib/portables 0700 Q /var/lib/portables 0700

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# Provision additional login messages from credentials, if they are set. Note # Provision additional login messages from credentials, if they are set. Note
# that these lines are NOPs if the credentials are not set or if the files # that these lines are NOPs if the credentials are not set or if the files

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
d$ /run/systemd/netif 0755 systemd-network systemd-network - d$ /run/systemd/netif 0755 systemd-network systemd-network -
d$ /run/systemd/netif/links 0755 systemd-network systemd-network - d$ /run/systemd/netif/links 0755 systemd-network systemd-network -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
Q /var/lib/machines 0700 - - - Q /var/lib/machines 0700 - - -

View File

@ -5,6 +5,6 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# Exclude namespace mountpoints created with PrivateTmp=yes # Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-* x /tmp/systemd-private-%b-*

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
d /run/user 0755 root root - d /run/user 0755 root root -
{% if ENABLE_UTMP %} {% if ENABLE_UTMP %}

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# Clear tmp directories separately, to make them easier to override # Clear tmp directories separately, to make them easier to override
q /tmp 1777 root root 10d q /tmp 1777 root root 10d

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
q /var 0755 - - - q /var 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details. # See tmpfiles.d(5) for details
# Make sure these are created by default so that nobody else can # Make sure these are created by default so that nobody else can
# or empty them at startup # or empty them at startup