Compare commits

...

105 Commits

Author SHA1 Message Date
slee649 3f3fab37f8
Merge 63d0fe5b84 into 4b356c90dc 2024-11-23 15:12:54 +01:00
Ani Sinha 4b356c90dc measure: add 'dtbauto' option in help message
'dtbauto' command line was missing from the help string. Add it.
2024-11-23 12:43:34 +00:00
Léane GRASSER f28e16d14e po: Translated using Weblate (French)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Léane GRASSER <leane.grasser@proton.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
Translation: systemd/main
2024-11-23 20:49:18 +09:00
Yu Watanabe 9e05e33871 networkd-test.py: fix interface state checker
After 259125d53d, network interfaces
declared by .netdev files are created after systemd-networkd sends READY
notification. So, even when networkd is started, the netdevs may not
be created yet, and 'ip' command may fail. Let's also check the return
code of the command.

This also
- drops never worked stdout checks,
- makes the test fail if the interface is not created within the timeout.
2024-11-23 17:33:43 +09:00
Lennart Poettering 95116bdfd5 nspawn: improve log message on bad incoming sd_notify() message
It's the PID that is wrong, not the UID/GID, be precise.
2024-11-23 17:33:17 +09:00
Lennart Poettering 2bd290ca02 nspawn: fix userns_mkdir() invocation
The wrong error code was logged.

But actually given that userns_mkdir() is fine with existing dirs, let's
drop the redundant conditionalization.

Follow-up for: a1fcaa1549
2024-11-23 17:33:06 +09:00
Yu Watanabe 1e9fb1d456 shutdown: propagate one more error from sync_making_progress()
No functional change, just refactoring, as anyway all errors will be
ignored by the caller.
2024-11-23 17:32:51 +09:00
Yu Watanabe 56c761f8c6
namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported() (#35313)
Follow-up for edae62120f.
Fixes #35311.
2024-11-23 17:32:23 +09:00
Yu Watanabe b76730f3fe shutdown: close DM block device before issuing DM_DEV_REMOVE ioctl
Otherwise, the ioctl() may fail with EBUSY.

Follow-up for b4b66b2662.
Hopefully fixes #35243.
2024-11-23 17:31:36 +09:00
Yu Watanabe 3dda236c5c basic/linux: update kernel headers from v6.12 2024-11-23 17:31:12 +09:00
Zbigniew Jędrzejewski-Szmek 5598454a3f Undeprecate commandline params forcequotacheck, fastboot, and forcefsck
Those are historical names, but there is nothing wrong with them. The files on
/ (/fastboot, /forcefsck, and /forcequotacheck) are problematic because they
require a modification of the root file system. But the commandline params work
fine. They have the obvious advantage compared to our "modern" option that they
are much easier to type without looking up the spelling in the docs. Undeprecate
them to avoid unnecessary churn.
2024-11-23 17:30:56 +09:00
Yu Watanabe 2994ca354b namespace-util: update log messages 2024-11-23 06:52:48 +09:00
Yu Watanabe eb14b993bb namespace-util: handle -ENOSPC by userns_acquire() gracefully in is_idmapping_supported()
Follow-up for edae62120f.
Fixes #35311.
2024-11-23 06:52:38 +09:00
Christian Hesse c946b13575 link README.logs from tmpfiles.d/legacy.conf only if available
The file README.logs is installed only if SysVInit support is enabled.
Thus the link should depend on it as well.
2024-11-22 18:33:20 +00:00
Lennart Poettering e39cbb1442 varlink: apparently on old kernels SO_PEERPIDFD returns EINVAL 2024-11-23 03:09:49 +09:00
Marco Tomaschett bc4a027f9c
hwdb: add support for PineTab2 to 60-sensor.hwdb (#35304)
Add accelerometer support for PineTab2
2024-11-23 03:08:06 +09:00
Lennart Poettering d209e197f8
userdbctl: two trivial fixlets (#35296)
Fixes: #35294
2024-11-22 16:06:01 +01:00
Antonio Alvarez Feijoo 9ed090230e tpm2-util: fix parameter name 2024-11-22 16:04:16 +01:00
Luca Boccassi 9bf6ffe166
man: split cryptenroll man page into sections (#35297) 2024-11-22 12:01:07 +00:00
Lennart Poettering 47c5ca237b userdbctl: respect selected disposition also when showing gid boundaries
Follow-up for: ad5de3222f
2024-11-22 11:28:30 +01:00
Lennart Poettering 7f8a4f12df userdbctl: fix counting
Fixes: #35294
2024-11-22 11:28:28 +01:00
Lennart Poettering e412fc5e04 userbdctl: show 'mapped' user range only inside of userns
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.
2024-11-22 11:28:17 +01:00
Lennart Poettering cc6baba720 cryptenroll: it's called PKCS#11, not PKCS11
In the --help text we really should use the official spelling, just like
in the man page.
2024-11-22 10:42:37 +01:00
Lennart Poettering 3ae48d071c man: add enrollment type sections to cryptenroll man page
We have the same sections in the --help text, hence we even more so
should have them in the man page.
2024-11-22 10:42:37 +01:00
Antonio Alvarez Feijoo 2ccacdd57c bash-completion: add --list-devices to systemd-cryptenroll
And also use it to list suitable block devices.
2024-11-22 10:38:19 +01:00
Yu Watanabe d99198819c core/service: service_add_fd_store() consumes passed fd
Without this change, the fd is closed twice on failure.

Fixes a bug introduced by dff9808a62.

Fixes #35288.
2024-11-22 04:15:51 +01:00
Tobias Zimmermann f70e5620b6 hwdb: Add quirk for Logitech MX Keys for Mac
The KEY_102ND and KEY_GRAVE keys are switched on the
Logitech MX Keys for Mac, so switch them back
2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek 3127c71bf4
Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278) 2024-11-21 21:13:50 +01:00
Yuri Chornoivan b153eebfb2 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-22 05:02:16 +09:00
Zbigniew Jędrzejewski-Szmek 2c06e40ae9 tmpfiles: add period at end of the sentence
The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.
2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek 5ca9149464 tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
That file contains a bunch of entries of which only some are related to SysV.
The rest are just "traditional APIs" that need to stay. In particular,
/var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl).
Similarly, the README about /var/log is something that should stay as long as
we have people migrating from older systems or using the copiuos documentation
that mentions /var/log/messages.txt on the Internet.

/var/lock/subsys is only used by sysvinit, and our code to support /forcefsck,
/fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so
conditionalize those here on HAVE_SYSV_COMPAT too.
2024-11-21 18:32:46 +01:00
Luca Boccassi b7eefa1996 cgroup-util: fix memory leak on error
CID#1565824

Follow-up for f6793bbcf0
2024-11-21 14:02:34 +09:00
Luca Boccassi 2e5b0412f9
network: update state files before replying bus method (#35255)
Follow-up for 2b07a3211b.

Fixes the failure found in
https://autopkgtest.ubuntu.com/results/autopkgtest-noble-upstream-systemd-ci-systemd-ci/noble/amd64/s/systemd-upstream/20241115_182040_92382@/log.gz
. Relevant logs:
```
Nov 16 02:48:36 systemd-networkd[2706]: veth99: Reconfiguring with /run/systemd/network/25-dhcp-client-ipv6-only.network.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Started IPv6 Router Solicitation client
Nov 16 02:48:36 systemd-networkd[2706]: veth99: IPv6 Router Discovery is configured and started.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Sent Router Solicitation, next solicitation in 3s
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Received Router Advertisement from fe80::1034:56ff:fe78:9abd: flags=0xc0(managed, other), preference=medium, lifetime=30min
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Invoking callback for 'router' event.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: link_check_ready(): dynamic addressing protocols are enabled but none of them finished yet.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: Starting in Solicit mode
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: State changed: stopped -> solicitation
Nov 16 02:48:36 systemd-networkd[2706]: veth99: Acquiring DHCPv6 lease on NDisc request
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: Sent Solicit
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: Next retransmission in 1s
Nov 16 02:48:37 systemd-networkd[2706]: veth99: DHCPv6 client: Sent Solicit
Nov 16 02:48:37 systemd-networkd[2706]: veth99: DHCPv6 client: Next retransmission in 1s
Nov 16 02:48:39 systemd-networkd[2706]: veth99: NDISC: Received Neighbor Advertisement from fe80::1034:56ff:fe78:9abd: Router=yes, Solicited=yes, Override=no
Nov 16 02:48:39 systemd-networkd[2706]: veth99: NDISC: Invoking callback for 'neighbor' event.
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: Processed Reply message
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: T1 expires in 50s
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: T2 expires in 55s
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: Valid lifetime expires in 2min
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: State changed: solicitation -> bound
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 address 2600::15/128 (valid for 1min 59s, preferred for 1min 59s)
Nov 16 02:48:41 systemd-networkd[2706]: veth99: Received updated DHCPv6 address (configured): 2600::15/128 (valid for 1min 58s, preferred for 1min 58s), flags: no-prefixroute, scope: global
Nov 16 02:48:41 systemd-networkd[2706]: veth99: DHCPv6 addresses and routes set.
Nov 16 02:48:41 systemd-networkd[2706]: veth99: link_check_ready(): IPv4LL:no DHCPv4:no DHCPv6:yes DHCP-PD:no NDisc:no
Nov 16 02:48:41 systemd-networkd[2706]: veth99: State changed: configuring -> configured
```
The interface veth99 entered the configured state after 5 seconds, but
at the same time, the `wait_online()` in the test script considered the
test failed.
The function `wait_online()` first invokes
`systemd-networkd-wait-online` with `--timeout=20`, then check setup
states of interfaces with 5 seconds timeout. So, the failure suggests
that `systemd-networkd-wait-online` finishes immediately, as the state
file was not updated when it is invoked, and thus it handles the
interface veth99 already in the configured state.
2024-11-20 23:36:35 +00:00
Martin Srebotnjak 69af4849aa po: Translated using Weblate (Slovenian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Martin Srebotnjak <miles@filmsi.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/sl/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Jiri Grönroos 18d4e0be89 po: Translated using Weblate (Finnish)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Jiri Grönroos <jiri.gronroos@iki.fi>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fi/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Dmytro Markevych 7d7b89a015 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Dmytro Markevych <hotr1pak@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Léane GRASSER 8a92365f79 po: Translated using Weblate (French)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Léane GRASSER <leane.grasser@proton.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Yu Watanabe 2b397d43ab test-network: actually check metric and preference
Otherwise, nexthop ID may contain e.g. 300, then
===
AssertionError: '300' unexpectedly found in
'default nhid 3860882700 via fe80::1034:56ff:fe78:9a99 proto ra metric 512 expires 1798sec pref high\n
 default nhid 2639230080 via fe80::1034:56ff:fe78:9a98 proto ra metric 2048 expires 1798sec pref low'
===
2024-11-21 03:43:35 +09:00
Yu Watanabe 9ad294efd0 network: update state files before replying bus method
Follow-up for 2b07a3211b.
2024-11-21 03:42:06 +09:00
Lennart Poettering f6793bbcf0 killall: gracefully handle processes inserted into containers via nsenter -a
"nsenter -a" doesn't migrate the specified process into the target
cgroup (it really should). Thus the cgroup will remain in a cgroup
that is (due to cgroup ns) outside our visibility. The kernel will
report the cgroup path of such cgroups as starting with "/../". Detect
that and print a reasonably error message instead of trying to resolve
that.
2024-11-20 18:11:38 +00:00
Mike Yuan f87863a8ff process-util: refuse to operate on remote PidRef
Follow-up for 7e3e540b88
2024-11-20 18:10:26 +00:00
Antonio Alvarez Feijoo 58c3c2886d cryptenroll: fix typo 2024-11-20 18:03:44 +00:00
Daan De Meyer dbbe895807 test-audit-util: Migrate to new assertion macros 2024-11-20 16:48:55 +00:00
Yu Watanabe 52b0351a15
core/exec-invoke: suppress placeholder home only in build_environment() (#35219)
Alternative to https://github.com/systemd/systemd/pull/34789
Closes #34789
2024-11-20 17:34:25 +09:00
Luca Boccassi fe077a1a58 units: add initrd directory to list of conditions for systemd-confext
systemd-sysext has the same check, but it was forgotten for confexts.
Needed to activate confexts from the ESP in the initrd.
2024-11-20 09:12:24 +01:00
Xuanjun Wen a526b9ddfc hwdb: add new Cube Mix Plus (i18D) rotation info
Added rotation information for the new version of Cube Mix Plus (i18D).
2024-11-20 05:23:34 +09:00
Mike Yuan 804dd670d1
sd-varlink: mark sd_varlink_server_{ref,unref} as _public_ (#35241)
Co-authored-by: Thorsten Kukuk <kukuk@suse.com>
2024-11-20 05:21:15 +09:00
Lennart Poettering d5bb359429
user-record: don't synthesize default list of self-modfiable fields for non-regular users. (#35133)
A follow-up for a192250eda

/cc @AdrianVovk
2024-11-19 14:32:21 +01:00
Antonio Alvarez Feijoo a04d42821b man/kernel-command-line: fix typo 2024-11-19 13:59:11 +01:00
Luca Boccassi 987156769b
network/ndisc: process zero lifetime options at first (#35212)
Fixes two issues reported at #33468.
2024-11-19 12:42:03 +00:00
Antonio Alvarez Feijoo 2b251491de cryptenroll: show better log message if slot to wipe does not exist
```
$ systemd-cryptenroll /dev/vda3
SLOT TYPE
   0 password
$ systemd-cryptenroll --wipe-slot 1 /dev/vda3
Failed to wipe slot 1, continuing: No such file or directory
```
2024-11-19 12:00:50 +01:00
Lennart Poettering 12b06fef7a update TODO 2024-11-19 11:03:16 +01:00
Yaron Shahrabani dd7bc02ee6 po: Translated using Weblate (Hebrew)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/he/
Translation: systemd/main
2024-11-19 19:01:31 +09:00
Mantas Mikulėnas 2424a67c02 ssh-generator: silence "Binding to socket" messages 2024-11-19 11:00:20 +01:00
Lennart Poettering ebe37f771c user-record: distinguish explicit and implicit empty modifiable lists case
We now distinguish two cases: where the list of self modifiable fields
is explicitly set to empty, and where the default is empty.

Let's display them differently in the output. When set explicitly to
empty let's mention the admin, otherwise just say "none".
2024-11-19 10:15:42 +01:00
Lennart Poettering ac8e381e26 user-record: only synthesize default list of self-modifiable fields for *regular* users
For system users we should lock things down, hence generate an empty
list.

This is mostly a safety precaution, but also hides really confusing
output of "userdbctl user" for an system user.

Follow-up for: a192250eda
2024-11-19 10:15:40 +01:00
Zbigniew Jędrzejewski-Szmek 574a04f62a
test: fix generate-sym-test using the wrong array (#35185)
For my understanding bsearch is searching in the wrong array. Or, if
it's the right one, then the size is wrong. In another commit I made the
arrays different by mistake and that triggered a SIGSEV during tests.
2024-11-19 10:15:18 +01:00
Lennart Poettering ec97125a7e vmspawn: enable memory pressure logic for vmspawn 2024-11-19 10:12:03 +01:00
Lennart Poettering 54646b1ca9 systemctl: grey out tasks limit the same way we grey out the fd store limit in the output
"systemctl status systemd-logind" otherwise looks a bit weird, since the
tasks and the fdstore lines are so close to each other but formatted
quite differently when it comes to coloring.
2024-11-19 10:11:49 +01:00
Federico Giovanardi 0c851a58f7 style: Fix formatting 2024-11-19 09:55:07 +01:00
Mike Yuan b718b86e1b
core/exec-invoke: suppress placeholder home only in build_environment()
Currently, get_fixed_user() employs USER_CREDS_SUPPRESS_PLACEHOLDER,
meaning home path is set to NULL if it's empty or root. However,
the path is also used for applying WorkingDirectory=~, and we'd
spuriously use the invoking user's home as fallback even if
User= is changed in that case.

Let's instead delegate such suppression to build_environment(),
so that home is proper initialized for usage at other steps.
shell doesn't actually suffer from such problem, but it's changed
too for consistency.

Alternative to #34789
2024-11-19 00:38:18 +01:00
Mike Yuan d911778877
core/exec-invoke: minor cleanup for apply_working_directory() error handling
Assign exit_status at the same site where error log is emitted,
for readability.
2024-11-19 00:38:18 +01:00
Mike Yuan eea9d3eb10
basic/user-util: split out placeholder suppression from USER_CREDS_CLEAN into its own flag
No functional change, preparation for later commits.
2024-11-19 00:38:18 +01:00
Mike Yuan 579ce77ead
basic/user-util: introduce shell_is_placeholder() helper 2024-11-19 00:38:18 +01:00
Daan De Meyer 70bb29db62 mkosi: Enable clangd execution for all distributions 2024-11-18 23:21:24 +00:00
Lennart Poettering cc74edd861 update TODO 2024-11-18 23:50:04 +01:00
Yu Watanabe c295b558bf test-network: add test case for IPv6 Core Conformance test v6LC.2.2.23 2024-11-19 04:48:39 +09:00
Yu Watanabe 16ccdc3748 test-network: split out check_router_preference() from test_router_preference()
This also drop high2.network and low2.network, and edit high.network and
low.network during the test.
2024-11-19 04:44:59 +09:00
Yu Watanabe 25688f8d5a network/ndisc: first process options with zero lifetime
Fixes IPv6 Core Conformance test failures reported at #33468.
https://www.ipv6ready.org/docs/Core_Conformance.pdf
Test v6LC.2.2.23 h and j: Processing Router Advertisement with Route
Information Option (Host Only)

When a RA contains route option with ::/0 prefix, then previously that
may contradict with the default route requested with the RA header.
If the route option has zero lifetime, the existing default route should
be removed, and a new route based on the RA header should be configured.
If the route option has non-zero lifetime, the RA header should be
ignored.

So, we first need to process options with zero lifetime (not only
route option, as the similar reasons), then configure the default route
based on the RA, finally process options with non-zero lifetime.
2024-11-19 04:04:14 +09:00
Yu Watanabe cb3243460b network/ndisc: sd_ndisc_router_route_get_preference() does not return -EOPNOTSUPP anymore 2024-11-19 04:04:14 +09:00
Yu Watanabe c8ddd5ff72 ndisc-option: use memcpy_safe() at one more place
As 'len' may be 8.

Follow-up for a163404cc8.
2024-11-19 04:04:14 +09:00
Zbigniew Jędrzejewski-Szmek 5e7e4e4d49 ukify: fix parsing of SignTool configuration option
This partially reverts 02eabaffe9.
As noted in https://github.com/systemd/systemd/pull/35211:
> The configuration parsing simply stores the string as-is, rather than
> creating the appropriate object

One way to fix the issue would be to store the "appropriate object", i.e.
actually the class. But that makes the code very verbose, with the conversion
being done in two places. And that still doesn't fix the issue, because we need
to map the class objects back to the original name in error messages.

So instead, store the setting as a string and only map it to the class much
later. This makes the code simpler and fixes the error messages too.

Resolves https://github.com/systemd/systemd/pull/35193
2024-11-18 14:58:41 +00:00
Yu Watanabe 4d9cac56db man: fix copy-and-paste error
Follow-up for 85a1360ecf.
2024-11-18 15:18:26 +09:00
Yu Watanabe 85a1360ecf man: add several future version info tags 2024-11-18 15:04:17 +09:00
Yu Watanabe ec0847f8fb po: update Japanese translations 2024-11-18 13:01:34 +09:00
Yu Watanabe efb158a11b network/netdev: fix typo
Follow-up for 09db410606.
2024-11-18 12:53:21 +09:00
Michał Górny 7fd70a5326 nspawn: Include arm_fadvise64_64 in syscall allow_list
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture.  Adding it fixes
the syscall being rejected in arm32 containers.

Fixes #35194
2024-11-18 11:43:35 +09:00
Yaron Shahrabani 2b60615a41 po: Translated using Weblate (Hebrew)
Currently translated at 89.1% (229 of 257 strings)

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/he/
Translation: systemd/main
2024-11-18 01:17:40 +09:00
Weblate Translation Memory d0ac6be44b po: Translated using Weblate (German)
Currently translated at 95.7% (246 of 257 strings)

Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-18 01:17:40 +09:00
Ettore Atalan 6b5ce5d6cc po: Translated using Weblate (German)
Currently translated at 95.7% (246 of 257 strings)

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-18 01:17:40 +09:00
Sergey A 033ee241b7 po: Translated using Weblate (Russian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Sergey A <Ser82-png@yandex.ru>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/ru/
Translation: systemd/main
2024-11-17 15:50:36 +00:00
Luca Boccassi 72cfd2def6
mkosi: Update packaging specs (#35196) 2024-11-17 15:49:24 +00:00
Daan De Meyer ac2cdd8d09 mkosi: update debian commit reference
* 51cd22f368 Update changelog for 257~rc2-3 release
* 5308c3b905 Backport patch to remove faulty unit test assertion
* b7d805151b Update changelog for 257~rc2-2 release
* 5afc23b288 Backport patch to fix FTBFS due to failing unit test
* 0ca89ce40c Update changelog for 257~rc2-1 release
* f27216d493 Update lintian override to ignore false positive typos
* 2caa74f473 d/rules: adjust blhc override to account for source files being moved
* 6b48328ead systemd-ukify: recommend systemd-repart
* 5e01b67f43 systemd-ukify: downgrade dependency on systemd, not mandatory
* 3a4dd59e41 Install new systemd-keyutil binary in the systemd-repart package
* e64cffab71 Drop all patches, merged upstream
* 0fcef228c7 Update upstream source from tag 'upstream/257_rc2'
* a01322bb29 d/t/control: add more packages to dummy hint-testsuite-triggers
2024-11-17 13:00:59 +01:00
Daan De Meyer 59cd621733 mkosi: update fedora commit reference
* 7bd1d09f7f Change sysusers u! lines to u because we don't have support in rpm
* 943bd94cf6 Version 257~rc2
* 6162965002 Disable freezing of user sessions
* 0c236cedb9 Upload sources
* ea947ce068 Version 257~rc1
* 834ba50e79 Use %posttrans instead of %postun to restart services
* 8dafa3810b Disable OpenSSL v3 ENGINE on RHEL
* 8f44e8097d Add forgotten patch
* 86ca699d18 Backport user manager reexec changes
* 009c64d6a2 Use %systemd_preun in systemd-resolved
2024-11-17 13:00:57 +01:00
Daan De Meyer c36a963956 mkosi: update arch commit reference
* 29a73017cd upgpkg: 256.8-1: new upstream release
* cda4f7b35e add a hint on my personal testing repository
2024-11-17 13:00:55 +01:00
Luca Boccassi 248eeec612 meson: update version 2024-11-15 19:16:58 +00:00
Luca Boccassi a66fd4ac9f NEWS: update date 2024-11-15 19:16:47 +00:00
anonymix007 61d6075775 ukify: Use new .hwids PE section format 2024-11-15 19:15:30 +00:00
Daan De Meyer f2ac4458f0 bootctl: Only create loader/keys/auto if required
systemd-boot uses the existance of loader/keys/auto to determine
whether to auto-enroll secure boot or not so only create the directory
if we're actually going to put auto-enroll signature lists in it.
2024-11-15 18:36:53 +00:00
Zbigniew Jędrzejewski-Szmek 10ed6d91cb
Chores for rc2 (#35186) 2024-11-15 18:56:54 +01:00
Luca Boccassi 69cd0f4781 NEWS: update contributors list 2024-11-15 17:26:07 +00:00
Luca Boccassi 7751bfb179 NEWS: systemd-keyutil, --certificate-source, --certificate-provider 2024-11-15 17:25:29 +00:00
Luca Boccassi d182ada2c2 Update hwdb
ninja -C build update-hwdb
2024-11-15 17:17:47 +00:00
Federico Giovanardi 55980446c3 test: fix generate-sym-test using the wrong array
The second check was searching the symbols into the same array, but
using the size of the other. This generated a SIGSEV when they
occassionally mismatched.
2024-11-15 17:12:42 +01:00
Frantisek Sumsal 238ddac165 test: ignore inconsistent coverage errors
lcov 2.1 introduced additional consistency checks [0] which make it trip
over our coverage results quite often:

Summary coverage rate:
  source files: 915
  lines.......: 36.9% (78950 of 214010 lines)
  functions...: 53.3% (6906 of 12949 functions)
Message summary:
  73 warning messages:
    inconsistent: 73
lcov: ERROR: (corrupt) unable to read trace file '/var/tmp/systemd-test-TEST-04-JOURNAL/coverage-info.new': lcov: ERROR: (inconsistent) "/build/src/shutdown/umount.c":298: function 'umount_with_timeout' is not hit but line 317 is.
        To skip consistency checks, see the 'check_data_consistency' section in man lcovrc(5).
        (use "lcov --ignore-errors inconsistent ..." to bypass this error)
        (use "lcov --ignore-errors corrupt ..." to bypass this error)

This is caused by coverage collected during shutdown which is a bit
unreliable, especially towards the final shutdown stage(s). Let's just
ignore the consistency errors for now.

[0] https://github.com/linux-test-project/lcov/releases/tag/v2.2
2024-11-15 15:54:28 +00:00
Lennart Poettering be6e599935 boot: make .hwids PE section more flexible to cover more than DT one day
The proposal in https://github.com/systemd/systemd/pull/35091 suggests
that there are going to be more resources sooner or later that shall be
embeddable in a UKI, but are specific to some machine. The .hwids logic
as it is implemented right now is conceptually flexible enough to cover
that too (as long as the system has SMBIOS and thus CHIDs). Hence, let's
prepare the ground for a future (that might possibly never come, but
let's keep the door open) where the section can be reused for this
purpose.

The patch is really dumb ultimately. it just changes the initial field
in the "Device" struct to carry not just the size of it (as before) but
also a type indicator, that is for now fixed to 1, indicating DT blobs.

This breaks compatibility, hence this should get merged before we do the
v257 release, so that this is done properly before the first release
with .hwids.
2024-11-15 15:40:43 +00:00
Lennart Poettering bae936b418 nspawn: --private-users-ownership= value is called 'chown', not 'own' 2024-11-15 13:34:59 +00:00
Lennart Poettering 4b20ae9a0e pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else
We use the $WATCHDOG_USEC variable for two very closely uses: as part of
the sd_watchdog_enabled() protocol for implementing service watchdogs.
And as part of the protocol between the service manager and
systemd-shutdown across the PID 1 execve() transition during shutdown.

Apparently some exitrds tools got confused by the latter use. Let's
address that by setting $WATCHDOG_PID to 1, in accordance to the
sd_watchdog_enabled() protocol to make clear this is only intended for
PID 1 and nothing else.

Replaces: #35135
2024-11-15 13:34:06 +00:00
Daan De Meyer 1a077e05fb Add proper dependencies to ukify target
Also remove the systemd-measure dependency from the mkosi target as
mkosi doesn't invoke systemd-measure itself.
2024-11-15 10:32:24 +00:00
Lennart Poettering 9386bcc2da boot: explain the 4G quirks we apply to initrd memory allocations
Given how long it took to come to a conclusion of the discussions around
https://github.com/systemd/systemd/issues/35026, let's add a comment
that makes this easier to grok for the next time this comes up.

Follow-up for: 6e207b370e
2024-11-15 10:14:17 +00:00
Yu Watanabe dd54e63429 network/nexthop: fix copy-and-paste error
Follow-up for 688f166972.
2024-11-15 10:44:07 +01:00
Luca Boccassi 893aa45886 test: skip TEST-84-STORAGETM if running with bugged libnvme
libnvme 1.11 appears to require a kernel built with NVME TLS
kconfigs, and fails hard if it is not, as the expected
privileged keyring '.nvme' is not present. We cannot just
create it from userspace, as privileged keyrings can only
be created by the kernel itself (those starting with '.').

Skip the test if the library exactly matches this version.

https://github.com/linux-nvme/nvme-cli/issues/2573

Fixes https://github.com/systemd/systemd/issues/35130
2024-11-14 18:00:35 +00:00
Luca Boccassi 32a14422ec
ukify: Support building UKIs with .dtbauto and .hwids sections (#34158)
Stub behavior will be as following:
1. If there are no `.dtbauto` sections then is used `.dtb` if present
2. If there are `.dtbauto` sections and there is at least one matching
(either with the firmware-provided DT or via `.hwids`) then it'll be
used instead of the `.dtb`.

Based on #28959 and [dtbloader](https://github.com/TravMurav/dtbloader)

Closes #28959 
Fixes #31946
2024-11-14 16:26:01 +00:00
anonymix007 0333b9d589 ukify: Support building UKIs with a .hwids section
This section contains a predefined set of HWIDs and the corresponding compatibles to be used in dtb matching
2024-11-14 16:42:42 +03:00
anonymix007 fa258f7729 ukify: Support building UKIs with .dtbauto sections 2024-11-14 16:42:35 +03:00
112 changed files with 103441 additions and 102349 deletions

93
NEWS
View File

@ -399,6 +399,15 @@ CHANGES WITH 257 in spe:
be extended, and a --measure-base= switch to support measurement be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs. of multi-profile UKIs.
* ukify gained a --certificate-provider switch to use an OpenSSL
provider to load the certificate used to sign artifacts, instead of
having to provide the path to a file on disk.
* bootctl, systemd-keyutil, systemd-measure, systemd-repart, and
systemd-sbsign gained a new --certificate-source switch that allows
loading the X.509 certificate from an OpenSSL provider instead of a
file system path.
* systemd-boot's menu will now react to volume up/down rocker presses * systemd-boot's menu will now react to volume up/down rocker presses
the same way as to arrow up/down presses: they move the menu item up the same way as to arrow up/down presses: they move the menu item up
or down. This is useful on device form factors that have only a or down. This is useful on device form factors that have only a
@ -437,6 +446,9 @@ CHANGES WITH 257 in spe:
and providers, with pin caching support for PKCS11. ukify supports it and providers, with pin caching support for PKCS11. ukify supports it
as an alternative to sbsigntool and pesign. as an alternative to sbsigntool and pesign.
* A new systemd-keyutil tool has been added, that can be used to perform
various operations on private keys and X.509 certificates.
The journal: The journal:
* journalctl can now list invocations of a unit with the * journalctl can now list invocations of a unit with the
@ -752,36 +764,38 @@ CHANGES WITH 257 in spe:
other cases EnterNamespace= might be an suitable approach to acquire other cases EnterNamespace= might be an suitable approach to acquire
symbolized backtraces.) symbolized backtraces.)
Contributions from: A. Wilcox, Abderrahim Kitouni, Adrian Vovk, Contributions from: 12paper, A. Wilcox, Abderrahim Kitouni,
Alain Greppin, Allison Karlitskaya, Alyssa Ross, Anders Jonsson, Adrian Vovk, Alain Greppin, Allison Karlitskaya, Alyssa Ross,
Andika Triwidada, Andres Beltran, Anouk Ceyssens, Anton Golubev, Anders Jonsson, Andika Triwidada, Andres Beltran, Anouk Ceyssens,
Antonio Alvarez Feijoo, Arian van Putten, Arnaud Patard, Anselm Schueler, Anton Golubev, Antonio Alvarez Feijoo,
Arthur Shau, Bastien Nocera, Benjamin ROBIN, Brenton Simpson, Arian van Putten, Arnaud Patard, Arthur Shau, Bastien Nocera,
Bryan Gurney, ButterflyOfFire, Carlo Teubner, Celeste Liu, Benjamin ROBIN, Brenton Simpson, Bryan Gurney, ButterflyOfFire,
Chen Guanqiao, Chen Qi, Chengen Du, Christoph Anton Mitterer, Carlo Teubner, Celeste Liu, Chen Guanqiao, Chen Qi, Chengen Du,
Colin Foster, Collin L, Cristian Rodríguez, Daan De Meyer, Christoph Anton Mitterer, Colin Foster, Collin L,
Dan Nicholson, Daniel Dawson, Daniel Martinez, Cristian Rodríguez, Daan De Meyer, Dan Nicholson, Daniel Dawson,
Daniel P. Berrangé, Daniel Rusek, Darsey Litzenberger, Daniel Martinez, Daniel P. Berrangé, Daniel Rusek,
David Joaquín Shourabi Porcel, David Michael, David Rheinsberg, Darsey Litzenberger, David Joaquín Shourabi Porcel,
David Tardon, Davide Cavalca, Derek J. Clark, Diego Viola, David Michael, David Rheinsberg, David Tardon, Davide Cavalca,
Dimitrys Meliates, Diogo Ivo, DocNITE, Dominique Martinet, Derek J. Clark, Diego Viola, Dimitrys Meliates, Diogo Ivo,
Dr. David Alan Gilbert, Edson Juliano Drosdeck, Erik Sjölund, DocNITE, Dominique Martinet, Dr. David Alan Gilbert,
Etienne Champetier, Etienne Cordonnier, Ettore Atalan, Edson Juliano Drosdeck, Erik Sjölund, Etienne Champetier,
Eugeny Shcheglov, Fabian Vogt, Filip Lewiński, Florian Schmaus, Etienne Cordonnier, Ettore Atalan, Eugeny Shcheglov, Fabian Vogt,
Franck Bui, Frantisek Sumsal, Fábio Rodrigues Ribeiro, Filip Lewiński, Florian Schmaus, Franck Bui, Frantisek Sumsal,
Gabriel Elyas, Gaël PORTAY, Giovanni Baratta, Gregor Herburger, Fábio Rodrigues Ribeiro, Gabriel Elyas, Gaël PORTAY,
Gregory Arenius, GwynBleidD, Göran Uddeborg, Hans de Goede, Giovanni Baratta, Gregor Herburger, Gregory Arenius, GwynBleidD,
Helmut Grohne, Henry Chen, Ian Abbott, Integral, Ivan Kruglov, Göran Uddeborg, Hans de Goede, Helmut Grohne, Henry Chen,
Ivan Shapovalov, James Coglan, James Hilliard, James Muir, Ian Abbott, Integral, Ivan Kruglov, Ivan Shapovalov, James Coglan,
Jason Yundt, Jeffrey Bosboom, Johannes Schneider, James Hilliard, James Muir, Jason Yundt, Jeffrey Bosboom,
John A. Leuenhagen, Jose Ignacio Tornos Martinez, JoseskVolpe, Jian Zhang, Johannes Schneider, John A. Leuenhagen,
Joshua Grisham, Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk, Jose Ignacio Tornos Martinez, JoseskVolpe, Joshua Grisham,
Karel Zak, Kornilios Kourtis, Kuntal Majumder, Lennart Poettering, Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk, Karel Zak,
Luca Boccassi, Lucas Adriano Salles, Lucas Werkmeister, Kornilios Kourtis, Kuntal Majumder, Lennart Poettering,
Ludwig Nussel, Luke T. Shumaker, Lukáš Nykrýn, Léane GRASSER, Lidong Zhong, Luca Boccassi, Lucas Adriano Salles,
Maanya Goenka, Mantas Mikulėnas, Marc Reisner, Marcel Hellwig, Lucas Werkmeister, Ludwig Nussel, Luke T. Shumaker,
Marin Kresic, Marius Hoch, Martin Srebotnjak, Martin Wilck, Lukáš Nykrýn, Luna Jernberg, Léane GRASSER, Maanya Goenka,
Mary Strodl, Matteo Croce, Matthias Lisin, Matthias Schiffer, Mantas Mikulėnas, Marc Reisner, Marcel Hellwig, Marin Kresic,
Marius Hoch, Martin Srebotnjak, Martin Wilck, Mary Strodl,
Matteo Croce, Matthias Lisin, Matthias Schiffer,
Matthieu Baerts (NGI0), Matthieu CHARETTE, Matthieu Baerts (NGI0), Matthieu CHARETTE,
Mauri de Souza Meneguzzo, Maximilian Wilhelm, Merlin Jehli, Mauri de Souza Meneguzzo, Maximilian Wilhelm, Merlin Jehli,
Michael Ferrari, Michal Koutný, Michal Sekletár, Michael Ferrari, Michal Koutný, Michal Sekletár,
@ -795,16 +809,17 @@ CHANGES WITH 257 in spe:
Stuart Hayhurst, Susant Sahani, Takeo Kondo, Temuri Doghonadze, Stuart Hayhurst, Susant Sahani, Takeo Kondo, Temuri Doghonadze,
Thomas Blume, Thorsten Scherer, Tobias Fleig, Tom Coldrick, Thomas Blume, Thorsten Scherer, Tobias Fleig, Tom Coldrick,
Tom Yan, Tomas Bzatek, Topi Miettinen, Uday Shankar, Tom Yan, Tomas Bzatek, Topi Miettinen, Uday Shankar,
Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo, Vladimir Panteleev, Valentin David, Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo,
Will Fancher, WilliButz, Xeonacid, Yanqing Jing, Yu Watanabe, Vladimir Panteleev, Vursc, Will Fancher, WilliButz, Xeonacid,
Yuri Chornoivan, ZHANG Yuntian, Zbigniew Jędrzejewski-Szmek, Yanqing Jing, Yu Watanabe, Yuri Chornoivan, ZHANG Yuntian,
Zhou Qiankang, anonymix007, bryango, chayleaf, chenjiayi, csp5me, Zbigniew Jędrzejewski-Szmek, Zhou Qiankang, andre4ik3, anonymix007,
cvlc12, fwfy, hugo303, jan@neighbourhood.ie, jauge-technica, lumingzh, bryango, chayleaf, chenjiayi, csp5me, cvlc12, fwfy, hugo303,
maia x., marginaldev, migleeson, nerdopolis, oldherl, pyfisch, q66, jan@neighbourhood.ie, jauge-technica, lumingzh, maia x., marginaldev,
rajmohan r, reDBo0n, rhellstrom, rindeal, samuelvw01, sinus-x, tfg13, migleeson, nerdopolis, oldherl, pyfisch, q66, rajmohan r, reDBo0n,
vdovhanych, xujing, Łukasz Stelmach, Дамјан Георгиевски rhellstrom, rindeal, samuelvw01, sinus-x, tfg13, vdovhanych, xujing,
Łukasz Stelmach, Štěpán Němec, Дамјан Георгиевски
— Edinburgh, 2024-11-06 — Edinburgh, 2024-11-15
CHANGES WITH 256: CHANGES WITH 256:

14
TODO
View File

@ -129,6 +129,20 @@ Deprecations and removals:
Features: Features:
* Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling
users how to connect to the system via the AF_VSOCK, as per:
https://github.com/systemd/systemd/issues/35071#issuecomment-2462803142
* maybe introduce an OSC sequence that signals when we ask for a password, so
that terminal emulators can maybe connect a password manager or so, and
highlight things specially.
* Port pidref_namespace_open() to use PIDFD_GET_MNT_NAMESPACE and related
ioctls to get nsfds directly from pidfds.
* start using STATX_SUBVOL in btrfs_is_subvol(). Also, make use of it
generically, so that image discovery recognizes bcachefs subvols too.
* format-table: introduce new cell type for strings with ansi sequences in * format-table: introduce new cell type for strings with ansi sequences in
them. display them in regular output mode (via strip_tab_ansi()), but them. display them in regular output mode (via strip_tab_ansi()), but
suppress them in json mode. suppress them in json mode.

View File

@ -36123,7 +36123,7 @@ OUI:00A044*
ID_OUI_FROM_DATABASE=NTT IT CO., LTD. ID_OUI_FROM_DATABASE=NTT IT CO., LTD.
OUI:00A045* OUI:00A045*
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
OUI:00A046* OUI:00A046*
ID_OUI_FROM_DATABASE=SCITEX CORP. LTD. ID_OUI_FROM_DATABASE=SCITEX CORP. LTD.
@ -40088,6 +40088,9 @@ OUI:044707*
OUI:04472A* OUI:04472A*
ID_OUI_FROM_DATABASE=Palo Alto Networks ID_OUI_FROM_DATABASE=Palo Alto Networks
OUI:0447CA*
ID_OUI_FROM_DATABASE=GREE ELECTRIC APPLIANCES, INC. OF ZHUHAI
OUI:04489A* OUI:04489A*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
@ -40556,6 +40559,9 @@ OUI:04AC44*
OUI:04AEC7* OUI:04AEC7*
ID_OUI_FROM_DATABASE=Marquardt ID_OUI_FROM_DATABASE=Marquardt
OUI:04B066*
ID_OUI_FROM_DATABASE=Private
OUI:04B0E7* OUI:04B0E7*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -43058,12 +43064,30 @@ OUI:0C47A90*
OUI:0C47A91* OUI:0C47A91*
ID_OUI_FROM_DATABASE=Shanghai BST Electric Co.,ltd ID_OUI_FROM_DATABASE=Shanghai BST Electric Co.,ltd
OUI:0C47A92*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A93*
ID_OUI_FROM_DATABASE=HONGKONG STONEOIM TECHNOLOGY LIMITED
OUI:0C47A94* OUI:0C47A94*
ID_OUI_FROM_DATABASE=Private ID_OUI_FROM_DATABASE=Private
OUI:0C47A95*
ID_OUI_FROM_DATABASE=Everon Co., Ltd.
OUI:0C47A96*
ID_OUI_FROM_DATABASE=Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
OUI:0C47A97* OUI:0C47A97*
ID_OUI_FROM_DATABASE=Annapurna labs ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A98*
ID_OUI_FROM_DATABASE=Honest Networks LLC
OUI:0C47A99*
ID_OUI_FROM_DATABASE=Shanghai Sigen New Energy Technology Co., Ltd
OUI:0C47A9A* OUI:0C47A9A*
ID_OUI_FROM_DATABASE=Lens Technology (Xiangtan) Co.,Ltd ID_OUI_FROM_DATABASE=Lens Technology (Xiangtan) Co.,Ltd
@ -43076,6 +43100,9 @@ OUI:0C47A9C*
OUI:0C47A9D* OUI:0C47A9D*
ID_OUI_FROM_DATABASE=DIG_LINK ID_OUI_FROM_DATABASE=DIG_LINK
OUI:0C47A9E*
ID_OUI_FROM_DATABASE=BGResearch
OUI:0C47C9* OUI:0C47C9*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc. ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
@ -43598,6 +43625,9 @@ OUI:0C9301*
OUI:0C938F* OUI:0C938F*
ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
OUI:0C93A5*
ID_OUI_FROM_DATABASE=eero inc.
OUI:0C93FB* OUI:0C93FB*
ID_OUI_FROM_DATABASE=BNS Solutions ID_OUI_FROM_DATABASE=BNS Solutions
@ -44027,6 +44057,9 @@ OUI:0CEC84*
OUI:0CEC8D* OUI:0CEC8D*
ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company
OUI:0CED71*
ID_OUI_FROM_DATABASE=Extreme Networks Headquarters
OUI:0CEDC8* OUI:0CEDC8*
ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd
@ -46211,6 +46244,9 @@ OUI:147F67*
OUI:147FCE* OUI:147FCE*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:1480CC*
ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd.
OUI:14825B* OUI:14825B*
ID_OUI_FROM_DATABASE=Hefei Radio Communication Technology Co., Ltd ID_OUI_FROM_DATABASE=Hefei Radio Communication Technology Co., Ltd
@ -47297,6 +47333,9 @@ OUI:1869DA*
OUI:186A81* OUI:186A81*
ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS
OUI:186BE2*
ID_OUI_FROM_DATABASE=LYLINK LIMITED
OUI:186D99* OUI:186D99*
ID_OUI_FROM_DATABASE=Adanis Inc. ID_OUI_FROM_DATABASE=Adanis Inc.
@ -48560,6 +48599,9 @@ OUI:1C4D70*
OUI:1C4D89* OUI:1C4D89*
ID_OUI_FROM_DATABASE=Hangzhou Huacheng Network Technology Co.,Ltd ID_OUI_FROM_DATABASE=Hangzhou Huacheng Network Technology Co.,Ltd
OUI:1C4EA2*
ID_OUI_FROM_DATABASE=Shenzhen V-Link Technology CO., LTD.
OUI:1C501E* OUI:1C501E*
ID_OUI_FROM_DATABASE=Sunplus Technology Co., Ltd. ID_OUI_FROM_DATABASE=Sunplus Technology Co., Ltd.
@ -48809,6 +48851,9 @@ OUI:1C77F6*
OUI:1C7839* OUI:1C7839*
ID_OUI_FROM_DATABASE=Shenzhen Tencent Computer System Co., Ltd. ID_OUI_FROM_DATABASE=Shenzhen Tencent Computer System Co., Ltd.
OUI:1C784B*
ID_OUI_FROM_DATABASE=Bouffalo Lab (Nanjing) Co., Ltd.
OUI:1C784E* OUI:1C784E*
ID_OUI_FROM_DATABASE=China Mobile Iot Limited company ID_OUI_FROM_DATABASE=China Mobile Iot Limited company
@ -49145,6 +49190,9 @@ OUI:1C937C*
OUI:1C93C4* OUI:1C93C4*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc. ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
OUI:1C9468*
ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd
OUI:1C9492* OUI:1C9492*
ID_OUI_FROM_DATABASE=RUAG Schweiz AG ID_OUI_FROM_DATABASE=RUAG Schweiz AG
@ -51335,6 +51383,9 @@ OUI:24470E*
OUI:244845* OUI:244845*
ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd. ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd.
OUI:244885*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:24497B* OUI:24497B*
ID_OUI_FROM_DATABASE=Innovative Converged Devices Inc ID_OUI_FROM_DATABASE=Innovative Converged Devices Inc
@ -53387,6 +53438,9 @@ OUI:28DB81*
OUI:28DBA7* OUI:28DBA7*
ID_OUI_FROM_DATABASE=Silicon Laboratories ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:28DE1C*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:28DE59* OUI:28DE59*
ID_OUI_FROM_DATABASE=Domus NTW CORP. ID_OUI_FROM_DATABASE=Domus NTW CORP.
@ -54396,7 +54450,7 @@ OUI:2C691D3*
ID_OUI_FROM_DATABASE=Sunsa, Inc ID_OUI_FROM_DATABASE=Sunsa, Inc
OUI:2C691D4* OUI:2C691D4*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
OUI:2C691D5* OUI:2C691D5*
ID_OUI_FROM_DATABASE=LG Electronics Inc. ID_OUI_FROM_DATABASE=LG Electronics Inc.
@ -55172,6 +55226,9 @@ OUI:2CFFEE*
OUI:3000FC* OUI:3000FC*
ID_OUI_FROM_DATABASE=Nokia ID_OUI_FROM_DATABASE=Nokia
OUI:3001AF*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:3003C8* OUI:3003C8*
ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD. ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD.
@ -56345,6 +56402,9 @@ OUI:30E3D6*
OUI:30E48E* OUI:30E48E*
ID_OUI_FROM_DATABASE=Vodafone UK ID_OUI_FROM_DATABASE=Vodafone UK
OUI:30E4D8*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:30E4DB* OUI:30E4DB*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc ID_OUI_FROM_DATABASE=Cisco Systems, Inc
@ -56360,6 +56420,9 @@ OUI:30E98E*
OUI:30EA26* OUI:30EA26*
ID_OUI_FROM_DATABASE=Sycada BV ID_OUI_FROM_DATABASE=Sycada BV
OUI:30EB15*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:30EB1F* OUI:30EB1F*
ID_OUI_FROM_DATABASE=Skylab M&C Technology Co.,Ltd ID_OUI_FROM_DATABASE=Skylab M&C Technology Co.,Ltd
@ -57137,6 +57200,9 @@ OUI:346F92*
OUI:346FED* OUI:346FED*
ID_OUI_FROM_DATABASE=Enovation Controls ID_OUI_FROM_DATABASE=Enovation Controls
OUI:347069*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:347146* OUI:347146*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
@ -57887,6 +57953,9 @@ OUI:34F39A*
OUI:34F39B* OUI:34F39B*
ID_OUI_FROM_DATABASE=WizLAN Ltd. ID_OUI_FROM_DATABASE=WizLAN Ltd.
OUI:34F5D7*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:34F62D* OUI:34F62D*
ID_OUI_FROM_DATABASE=SHARP Corporation ID_OUI_FROM_DATABASE=SHARP Corporation
@ -58382,6 +58451,9 @@ OUI:384C4F*
OUI:384C90* OUI:384C90*
ID_OUI_FROM_DATABASE=Commscope ID_OUI_FROM_DATABASE=Commscope
OUI:384DD2*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:384F49* OUI:384F49*
ID_OUI_FROM_DATABASE=Juniper Networks ID_OUI_FROM_DATABASE=Juniper Networks
@ -60650,6 +60722,9 @@ OUI:3CE624*
OUI:3CE824* OUI:3CE824*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:3CE86E*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:3CE90E* OUI:3CE90E*
ID_OUI_FROM_DATABASE=Espressif Inc. ID_OUI_FROM_DATABASE=Espressif Inc.
@ -62984,6 +63059,9 @@ OUI:44AAE8*
OUI:44AAF5* OUI:44AAF5*
ID_OUI_FROM_DATABASE=Commscope ID_OUI_FROM_DATABASE=Commscope
OUI:44AC85*
ID_OUI_FROM_DATABASE=eero inc.
OUI:44AD19* OUI:44AD19*
ID_OUI_FROM_DATABASE=XINGFEI H.KLIMITED ID_OUI_FROM_DATABASE=XINGFEI H.KLIMITED
@ -63356,6 +63434,9 @@ OUI:44F477*
OUI:44F4E7* OUI:44F4E7*
ID_OUI_FROM_DATABASE=Cohesity Inc ID_OUI_FROM_DATABASE=Cohesity Inc
OUI:44F53E*
ID_OUI_FROM_DATABASE=Earda Technologies co Ltd
OUI:44F770* OUI:44F770*
ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd
@ -67448,6 +67529,9 @@ OUI:50E039*
OUI:50E085* OUI:50E085*
ID_OUI_FROM_DATABASE=Intel Corporate ID_OUI_FROM_DATABASE=Intel Corporate
OUI:50E099*
ID_OUI_FROM_DATABASE=HangZhou Atuo Future Technology Co., Ltd
OUI:50E0C7* OUI:50E0C7*
ID_OUI_FROM_DATABASE=TurControlSystme AG ID_OUI_FROM_DATABASE=TurControlSystme AG
@ -68237,6 +68321,9 @@ OUI:547D40*
OUI:547DCD* OUI:547DCD*
ID_OUI_FROM_DATABASE=Texas Instruments ID_OUI_FROM_DATABASE=Texas Instruments
OUI:547E1A*
ID_OUI_FROM_DATABASE=Kaon Group Co., Ltd.
OUI:547F54* OUI:547F54*
ID_OUI_FROM_DATABASE=INGENICO ID_OUI_FROM_DATABASE=INGENICO
@ -69941,6 +70028,9 @@ OUI:58DB8D*
OUI:58DC6D* OUI:58DC6D*
ID_OUI_FROM_DATABASE=Exceptional Innovation, Inc. ID_OUI_FROM_DATABASE=Exceptional Innovation, Inc.
OUI:58DF59*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:58E02C* OUI:58E02C*
ID_OUI_FROM_DATABASE=Micro Technic A/S ID_OUI_FROM_DATABASE=Micro Technic A/S
@ -70085,6 +70175,9 @@ OUI:58F987*
OUI:58F98E* OUI:58F98E*
ID_OUI_FROM_DATABASE=SECUDOS GmbH ID_OUI_FROM_DATABASE=SECUDOS GmbH
OUI:58FB3E*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:58FB84* OUI:58FB84*
ID_OUI_FROM_DATABASE=Intel Corporate ID_OUI_FROM_DATABASE=Intel Corporate
@ -74438,6 +74531,9 @@ OUI:684F64*
OUI:68505D* OUI:68505D*
ID_OUI_FROM_DATABASE=Halo Technologies ID_OUI_FROM_DATABASE=Halo Technologies
OUI:68508C*
ID_OUI_FROM_DATABASE=Shanghai Sunmi Technology Co.,Ltd.
OUI:685134* OUI:685134*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
@ -74849,6 +74945,9 @@ OUI:689A87*
OUI:689AB7* OUI:689AB7*
ID_OUI_FROM_DATABASE=Atelier Vision Corporation ID_OUI_FROM_DATABASE=Atelier Vision Corporation
OUI:689B43*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:689C5E* OUI:689C5E*
ID_OUI_FROM_DATABASE=AcSiP Technology Corp. ID_OUI_FROM_DATABASE=AcSiP Technology Corp.
@ -94458,7 +94557,7 @@ OUI:7CBD06*
ID_OUI_FROM_DATABASE=AE REFUsol ID_OUI_FROM_DATABASE=AE REFUsol
OUI:7CBF77* OUI:7CBF77*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
OUI:7CBF88* OUI:7CBF88*
ID_OUI_FROM_DATABASE=Mobilicom LTD ID_OUI_FROM_DATABASE=Mobilicom LTD
@ -95102,6 +95201,9 @@ OUI:802E14*
OUI:802EC3* OUI:802EC3*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:802EDE*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:802FDE* OUI:802FDE*
ID_OUI_FROM_DATABASE=Zurich Instruments AG ID_OUI_FROM_DATABASE=Zurich Instruments AG
@ -95177,6 +95279,9 @@ OUI:803C20*
OUI:803E48* OUI:803E48*
ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT
OUI:803E4F*
ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd.
OUI:803F5D* OUI:803F5D*
ID_OUI_FROM_DATABASE=Winstars Technology Ltd ID_OUI_FROM_DATABASE=Winstars Technology Ltd
@ -95426,6 +95531,9 @@ OUI:8077A4*
OUI:807871* OUI:807871*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:807933*
ID_OUI_FROM_DATABASE=Aigentec Technology(Zhejiang) Co., Ltd.
OUI:80795D* OUI:80795D*
ID_OUI_FROM_DATABASE=Infinix mobility limited ID_OUI_FROM_DATABASE=Infinix mobility limited
@ -97790,6 +97898,9 @@ OUI:884477*
OUI:8844F6* OUI:8844F6*
ID_OUI_FROM_DATABASE=Nokia Corporation ID_OUI_FROM_DATABASE=Nokia Corporation
OUI:8845F0*
ID_OUI_FROM_DATABASE=GUANGDONG GENIUS TECHNOLOGY CO., LTD.
OUI:884604* OUI:884604*
ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd
@ -99572,6 +99683,9 @@ OUI:8C1F64154*
OUI:8C1F64155* OUI:8C1F64155*
ID_OUI_FROM_DATABASE=SLAT ID_OUI_FROM_DATABASE=SLAT
OUI:8C1F64159*
ID_OUI_FROM_DATABASE=Mediana Co., Ltd.
OUI:8C1F6415A* OUI:8C1F6415A*
ID_OUI_FROM_DATABASE=ASHIDA Electronics Pvt. Ltd ID_OUI_FROM_DATABASE=ASHIDA Electronics Pvt. Ltd
@ -99698,6 +99812,9 @@ OUI:8C1F641B9*
OUI:8C1F641BB* OUI:8C1F641BB*
ID_OUI_FROM_DATABASE=Renwei Electronics Technology (Shenzhen) Co.,LTD. ID_OUI_FROM_DATABASE=Renwei Electronics Technology (Shenzhen) Co.,LTD.
OUI:8C1F641BC*
ID_OUI_FROM_DATABASE=Transit Solutions, LLC.
OUI:8C1F641BD* OUI:8C1F641BD*
ID_OUI_FROM_DATABASE=DORLET SAU ID_OUI_FROM_DATABASE=DORLET SAU
@ -99797,6 +99914,9 @@ OUI:8C1F64203*
OUI:8C1F64204* OUI:8C1F64204*
ID_OUI_FROM_DATABASE=castcore ID_OUI_FROM_DATABASE=castcore
OUI:8C1F64206*
ID_OUI_FROM_DATABASE=KRYFS TECHNOLOGIES PRIVATE LIMITED
OUI:8C1F64208* OUI:8C1F64208*
ID_OUI_FROM_DATABASE=Sichuan AnSphere Technology Co. Ltd. ID_OUI_FROM_DATABASE=Sichuan AnSphere Technology Co. Ltd.
@ -100373,6 +100493,9 @@ OUI:8C1F64392*
OUI:8C1F64393* OUI:8C1F64393*
ID_OUI_FROM_DATABASE=GRE SYSTEM INC. ID_OUI_FROM_DATABASE=GRE SYSTEM INC.
OUI:8C1F64394*
ID_OUI_FROM_DATABASE=Ceranext Ltd
OUI:8C1F64395* OUI:8C1F64395*
ID_OUI_FROM_DATABASE=Beijing Ceresdata Technology Co., LTD ID_OUI_FROM_DATABASE=Beijing Ceresdata Technology Co., LTD
@ -100565,6 +100688,9 @@ OUI:8C1F64417*
OUI:8C1F64419* OUI:8C1F64419*
ID_OUI_FROM_DATABASE=Naval Group ID_OUI_FROM_DATABASE=Naval Group
OUI:8C1F6441B*
ID_OUI_FROM_DATABASE=ENERGY POWER PRODUCTS LIMITED
OUI:8C1F6441C* OUI:8C1F6441C*
ID_OUI_FROM_DATABASE=KSE GmbH ID_OUI_FROM_DATABASE=KSE GmbH
@ -102014,6 +102140,9 @@ OUI:8C1F64803*
OUI:8C1F64804* OUI:8C1F64804*
ID_OUI_FROM_DATABASE=EA Elektro-Automatik ID_OUI_FROM_DATABASE=EA Elektro-Automatik
OUI:8C1F64806*
ID_OUI_FROM_DATABASE=Matrixspace
OUI:8C1F64807* OUI:8C1F64807*
ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA
@ -102620,6 +102749,9 @@ OUI:8C1F649B3*
OUI:8C1F649B6* OUI:8C1F649B6*
ID_OUI_FROM_DATABASE=GS Elektromedizinsiche Geräte G. Stemple GmbH ID_OUI_FROM_DATABASE=GS Elektromedizinsiche Geräte G. Stemple GmbH
OUI:8C1F649B8*
ID_OUI_FROM_DATABASE=Makel Elektrik Malzemeleri A.Ş.
OUI:8C1F649B9* OUI:8C1F649B9*
ID_OUI_FROM_DATABASE=QUERCUS TECHNOLOGIES, S.L. ID_OUI_FROM_DATABASE=QUERCUS TECHNOLOGIES, S.L.
@ -104366,6 +104498,9 @@ OUI:8C1F64E80*
OUI:8C1F64E86* OUI:8C1F64E86*
ID_OUI_FROM_DATABASE=ComVetia AG ID_OUI_FROM_DATABASE=ComVetia AG
OUI:8C1F64E88*
ID_OUI_FROM_DATABASE=SiFive Inc
OUI:8C1F64E89* OUI:8C1F64E89*
ID_OUI_FROM_DATABASE=PADL Software Pty Ltd ID_OUI_FROM_DATABASE=PADL Software Pty Ltd
@ -104828,6 +104963,9 @@ OUI:8C1F64FDA*
OUI:8C1F64FDC* OUI:8C1F64FDC*
ID_OUI_FROM_DATABASE=Nuphoton Technologies ID_OUI_FROM_DATABASE=Nuphoton Technologies
OUI:8C1F64FDF*
ID_OUI_FROM_DATABASE=Potter Electric Signal Company
OUI:8C1F64FE0* OUI:8C1F64FE0*
ID_OUI_FROM_DATABASE=Potter Electric Signal Company ID_OUI_FROM_DATABASE=Potter Electric Signal Company
@ -108248,6 +108386,9 @@ OUI:94A04E*
OUI:94A07D* OUI:94A07D*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd. ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:94A081*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:94A1A2* OUI:94A1A2*
ID_OUI_FROM_DATABASE=AMPAK Technology, Inc. ID_OUI_FROM_DATABASE=AMPAK Technology, Inc.
@ -109112,6 +109253,9 @@ OUI:981E0F*
OUI:981E19* OUI:981E19*
ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS
OUI:981E89*
ID_OUI_FROM_DATABASE=Tianyi Telecom Terminals Company Limited
OUI:981FB1* OUI:981FB1*
ID_OUI_FROM_DATABASE=Shenzhen Lemon Network Technology Co.,Ltd ID_OUI_FROM_DATABASE=Shenzhen Lemon Network Technology Co.,Ltd
@ -109841,6 +109985,9 @@ OUI:98A404*
OUI:98A40E* OUI:98A40E*
ID_OUI_FROM_DATABASE=Snap, Inc. ID_OUI_FROM_DATABASE=Snap, Inc.
OUI:98A44E*
ID_OUI_FROM_DATABASE=IEC Technologies S. de R.L de C.V.
OUI:98A5F9* OUI:98A5F9*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
@ -111275,6 +111422,9 @@ OUI:9CB793*
OUI:9CB8B4* OUI:9CB8B4*
ID_OUI_FROM_DATABASE=AMPAK Technology,Inc. ID_OUI_FROM_DATABASE=AMPAK Technology,Inc.
OUI:9CBAC9*
ID_OUI_FROM_DATABASE=Telit Communication s.p.a
OUI:9CBB98* OUI:9CBB98*
ID_OUI_FROM_DATABASE=Shen Zhen RND Electronic Co.,LTD ID_OUI_FROM_DATABASE=Shen Zhen RND Electronic Co.,LTD
@ -111710,6 +111860,9 @@ OUI:A00BBA*
OUI:A00CA1* OUI:A00CA1*
ID_OUI_FROM_DATABASE=SKTB SKiT ID_OUI_FROM_DATABASE=SKTB SKiT
OUI:A00CE2*
ID_OUI_FROM_DATABASE=Shenzhen Shokz Co., Ltd.
OUI:A00E98* OUI:A00E98*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -113801,6 +113954,9 @@ OUI:A47C1F*
OUI:A47CC9* OUI:A47CC9*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:A47D78*
ID_OUI_FROM_DATABASE=Edgecore Americas Networking Corporation
OUI:A47D9F* OUI:A47D9F*
ID_OUI_FROM_DATABASE=Shenzhen iComm Semiconductor CO.,LTD ID_OUI_FROM_DATABASE=Shenzhen iComm Semiconductor CO.,LTD
@ -115011,7 +115167,7 @@ OUI:A87285*
ID_OUI_FROM_DATABASE=IDT, INC. ID_OUI_FROM_DATABASE=IDT, INC.
OUI:A8741D* OUI:A8741D*
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
OUI:A87484* OUI:A87484*
ID_OUI_FROM_DATABASE=zte corporation ID_OUI_FROM_DATABASE=zte corporation
@ -115118,6 +115274,9 @@ OUI:A88D7B*
OUI:A88E24* OUI:A88E24*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:A88F99*
ID_OUI_FROM_DATABASE=Arista Networks
OUI:A88FD9* OUI:A88FD9*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
@ -119228,6 +119387,9 @@ OUI:B4C810*
OUI:B4C9B9* OUI:B4C9B9*
ID_OUI_FROM_DATABASE=Sichuan AI-Link Technology Co., Ltd. ID_OUI_FROM_DATABASE=Sichuan AI-Link Technology Co., Ltd.
OUI:B4CADD*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:B4CB57* OUI:B4CB57*
ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
@ -120413,6 +120575,9 @@ OUI:B8D4C3*
OUI:B8D4E7* OUI:B8D4E7*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:B8D4F7*
ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd
OUI:B8D50B* OUI:B8D50B*
ID_OUI_FROM_DATABASE=Sunitec Enterprise Co.,Ltd ID_OUI_FROM_DATABASE=Sunitec Enterprise Co.,Ltd
@ -122114,6 +122279,12 @@ OUI:C02C5C*
OUI:C02C7A* OUI:C02C7A*
ID_OUI_FROM_DATABASE=Shenzhen Horn Audio Co.,Ltd. ID_OUI_FROM_DATABASE=Shenzhen Horn Audio Co.,Ltd.
OUI:C02CED*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:C02D2E*
ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd.
OUI:C02DEE* OUI:C02DEE*
ID_OUI_FROM_DATABASE=Cuff ID_OUI_FROM_DATABASE=Cuff
@ -123200,6 +123371,9 @@ OUI:C0F79D*
OUI:C0F827* OUI:C0F827*
ID_OUI_FROM_DATABASE=Rapidmax Technology Corporation ID_OUI_FROM_DATABASE=Rapidmax Technology Corporation
OUI:C0F853*
ID_OUI_FROM_DATABASE=Tuya Smart Inc.
OUI:C0F87F* OUI:C0F87F*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc ID_OUI_FROM_DATABASE=Cisco Systems, Inc
@ -126368,6 +126542,9 @@ OUI:CC10A3*
OUI:CC115A* OUI:CC115A*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:CC1228*
ID_OUI_FROM_DATABASE=HISENSE VISUAL TECHNOLOGY CO.,LTD
OUI:CC14A6* OUI:CC14A6*
ID_OUI_FROM_DATABASE=Yichun MyEnergy Domain, Inc ID_OUI_FROM_DATABASE=Yichun MyEnergy Domain, Inc
@ -126458,6 +126635,9 @@ OUI:CC1FC4*
OUI:CC208C* OUI:CC208C*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:CC20AC*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:CC20E8* OUI:CC20E8*
ID_OUI_FROM_DATABASE=Apple, Inc. ID_OUI_FROM_DATABASE=Apple, Inc.
@ -127037,6 +127217,9 @@ OUI:CC896C*
OUI:CC89FD* OUI:CC89FD*
ID_OUI_FROM_DATABASE=Nokia Corporation ID_OUI_FROM_DATABASE=Nokia Corporation
OUI:CC8A84*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:CC8C17* OUI:CC8C17*
ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED
@ -127362,7 +127545,7 @@ OUI:CCCCCC*
ID_OUI_FROM_DATABASE=Silicon Laboratories ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:CCCCEA* OUI:CCCCEA*
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
OUI:CCCD64* OUI:CCCD64*
ID_OUI_FROM_DATABASE=SM-Electronic GmbH ID_OUI_FROM_DATABASE=SM-Electronic GmbH
@ -130773,7 +130956,7 @@ OUI:D822F4*
ID_OUI_FROM_DATABASE=Avnet Silica ID_OUI_FROM_DATABASE=Avnet Silica
OUI:D823E0* OUI:D823E0*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
OUI:D82477* OUI:D82477*
ID_OUI_FROM_DATABASE=Universal Electric Corporation ID_OUI_FROM_DATABASE=Universal Electric Corporation
@ -130958,6 +131141,9 @@ OUI:D8490B*
OUI:D8492F* OUI:D8492F*
ID_OUI_FROM_DATABASE=CANON INC. ID_OUI_FROM_DATABASE=CANON INC.
OUI:D849BF*
ID_OUI_FROM_DATABASE=CELESTICA INC.
OUI:D84A2B* OUI:D84A2B*
ID_OUI_FROM_DATABASE=zte corporation ID_OUI_FROM_DATABASE=zte corporation
@ -131543,6 +131729,9 @@ OUI:D8C771*
OUI:D8C7C8* OUI:D8C7C8*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:D8C80C*
ID_OUI_FROM_DATABASE=Tuya Smart Inc.
OUI:D8C8E9* OUI:D8C8E9*
ID_OUI_FROM_DATABASE=Phicomm (Shanghai) Co., Ltd. ID_OUI_FROM_DATABASE=Phicomm (Shanghai) Co., Ltd.
@ -132101,6 +132290,9 @@ OUI:DC41A9*
OUI:DC41E5* OUI:DC41E5*
ID_OUI_FROM_DATABASE=Shenzhen Zhixin Data Service Co., Ltd. ID_OUI_FROM_DATABASE=Shenzhen Zhixin Data Service Co., Ltd.
OUI:DC42C8*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:DC44270* OUI:DC44270*
ID_OUI_FROM_DATABASE=Suritel ID_OUI_FROM_DATABASE=Suritel
@ -133175,6 +133367,9 @@ OUI:E021FE*
OUI:E02202* OUI:E02202*
ID_OUI_FROM_DATABASE=Commscope ID_OUI_FROM_DATABASE=Commscope
OUI:E022A1*
ID_OUI_FROM_DATABASE=AltoBeam Inc.
OUI:E023D7* OUI:E023D7*
ID_OUI_FROM_DATABASE=Sleep Number ID_OUI_FROM_DATABASE=Sleep Number
@ -135413,6 +135608,9 @@ OUI:E4FC82*
OUI:E4FD45* OUI:E4FD45*
ID_OUI_FROM_DATABASE=Intel Corporate ID_OUI_FROM_DATABASE=Intel Corporate
OUI:E4FD8C*
ID_OUI_FROM_DATABASE=Extreme Networks Headquarters
OUI:E4FDA1* OUI:E4FDA1*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -136478,6 +136676,9 @@ OUI:E8CD2D*
OUI:E8CE06* OUI:E8CE06*
ID_OUI_FROM_DATABASE=SkyHawke Technologies, LLC. ID_OUI_FROM_DATABASE=SkyHawke Technologies, LLC.
OUI:E8CF83*
ID_OUI_FROM_DATABASE=Dell Inc.
OUI:E8D03C* OUI:E8D03C*
ID_OUI_FROM_DATABASE=Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd ID_OUI_FROM_DATABASE=Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd
@ -137312,6 +137513,30 @@ OUI:EC748C*
OUI:EC74BA* OUI:EC74BA*
ID_OUI_FROM_DATABASE=Hirschmann Automation and Control GmbH ID_OUI_FROM_DATABASE=Hirschmann Automation and Control GmbH
OUI:EC74CD3*
ID_OUI_FROM_DATABASE=iSolution Technologies Co.,Ltd.
OUI:EC74CD5*
ID_OUI_FROM_DATABASE=Standard Backhaul Communications
OUI:EC74CD6*
ID_OUI_FROM_DATABASE=Platypus
OUI:EC74CD8*
ID_OUI_FROM_DATABASE=TRANS AUDIO VIDEO SRL
OUI:EC74CD9*
ID_OUI_FROM_DATABASE=Sound Health Systems
OUI:EC74CDA*
ID_OUI_FROM_DATABASE=Bosch (zhuhai) Security Systems Company, Ltd.
OUI:EC74CDB*
ID_OUI_FROM_DATABASE=Hitachi Rail GTS Austria GmbH
OUI:EC74CDD*
ID_OUI_FROM_DATABASE=Shenzhen Ting-Shine Technology Co., Ltd.
OUI:EC74D7* OUI:EC74D7*
ID_OUI_FROM_DATABASE=Grandstream Networks Inc ID_OUI_FROM_DATABASE=Grandstream Networks Inc
@ -143102,6 +143327,9 @@ OUI:FCB467*
OUI:FCB4E6* OUI:FCB4E6*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:FCB577*
ID_OUI_FROM_DATABASE=Cortex Security Inc
OUI:FCB585* OUI:FCB585*
ID_OUI_FROM_DATABASE=Shenzhen Water World Information Co.,Ltd. ID_OUI_FROM_DATABASE=Shenzhen Water World Information Co.,Ltd.
@ -143159,6 +143387,9 @@ OUI:FCC23D*
OUI:FCC2DE* OUI:FCC2DE*
ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd. ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd.
OUI:FCC2E5*
ID_OUI_FROM_DATABASE=HOLOWITS TECHNOLOGIES CO.,LTD
OUI:FCC734* OUI:FCC734*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd

View File

@ -2019,9 +2019,6 @@ acpi:DEL*:
acpi:DEM*: acpi:DEM*:
ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd
acpi:DEM*:
ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd
acpi:DEN*: acpi:DEN*:
ID_VENDOR_FROM_DATABASE=Densitron Computers Ltd ID_VENDOR_FROM_DATABASE=Densitron Computers Ltd

View File

@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base 2024-11-06 10:40:14.734611315 +0000 --- 20-acpi-vendor.hwdb.base 2024-11-15 17:16:38.971258201 +0000
+++ 20-acpi-vendor.hwdb 2024-11-06 10:40:14.738611667 +0000 +++ 20-acpi-vendor.hwdb 2024-11-15 17:16:38.979258339 +0000
@@ -3,6 +3,8 @@ @@ -3,6 +3,8 @@
# Data imported from: # Data imported from:
# https://uefi.org/uefi-pnp-export # https://uefi.org/uefi-pnp-export
@ -137,7 +137,7 @@
acpi:COI*: acpi:COI*:
ID_VENDOR_FROM_DATABASE=Codec Inc. ID_VENDOR_FROM_DATABASE=Codec Inc.
@@ -2063,7 +2092,7 @@ @@ -2060,7 +2089,7 @@
ID_VENDOR_FROM_DATABASE=Dragon Information Technology ID_VENDOR_FROM_DATABASE=Dragon Information Technology
acpi:DJE*: acpi:DJE*:
@ -146,7 +146,7 @@
acpi:DJP*: acpi:DJP*:
ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd
@@ -2416,6 +2445,9 @@ @@ -2413,6 +2442,9 @@
acpi:EIN*: acpi:EIN*:
ID_VENDOR_FROM_DATABASE=Elegant Invention ID_VENDOR_FROM_DATABASE=Elegant Invention
@ -156,7 +156,7 @@
acpi:EKA*: acpi:EKA*:
ID_VENDOR_FROM_DATABASE=MagTek Inc. ID_VENDOR_FROM_DATABASE=MagTek Inc.
@@ -2686,6 +2718,9 @@ @@ -2683,6 +2715,9 @@
acpi:FCG*: acpi:FCG*:
ID_VENDOR_FROM_DATABASE=First International Computer Ltd ID_VENDOR_FROM_DATABASE=First International Computer Ltd
@ -166,7 +166,7 @@
acpi:FCS*: acpi:FCS*:
ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc. ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc.
@@ -3062,7 +3097,7 @@ @@ -3059,7 +3094,7 @@
ID_VENDOR_FROM_DATABASE=General Standards Corporation ID_VENDOR_FROM_DATABASE=General Standards Corporation
acpi:GSM*: acpi:GSM*:
@ -175,7 +175,7 @@
acpi:GSN*: acpi:GSN*:
ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc. ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc.
@@ -3172,6 +3207,9 @@ @@ -3169,6 +3204,9 @@
acpi:HEC*: acpi:HEC*:
ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd. ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd.
@ -185,7 +185,7 @@
acpi:HEL*: acpi:HEL*:
ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd
@@ -3307,6 +3345,9 @@ @@ -3304,6 +3342,9 @@
acpi:HSD*: acpi:HSD*:
ID_VENDOR_FROM_DATABASE=HannStar Display Corp ID_VENDOR_FROM_DATABASE=HannStar Display Corp
@ -195,7 +195,7 @@
acpi:HSM*: acpi:HSM*:
ID_VENDOR_FROM_DATABASE=AT&T Microelectronics ID_VENDOR_FROM_DATABASE=AT&T Microelectronics
@@ -3433,6 +3474,9 @@ @@ -3430,6 +3471,9 @@
acpi:ICI*: acpi:ICI*:
ID_VENDOR_FROM_DATABASE=Infotek Communication Inc ID_VENDOR_FROM_DATABASE=Infotek Communication Inc
@ -205,7 +205,7 @@
acpi:ICM*: acpi:ICM*:
ID_VENDOR_FROM_DATABASE=Intracom SA ID_VENDOR_FROM_DATABASE=Intracom SA
@@ -3529,6 +3573,9 @@ @@ -3526,6 +3570,9 @@
acpi:IKE*: acpi:IKE*:
ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd. ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd.
@ -215,7 +215,7 @@
acpi:IKS*: acpi:IKS*:
ID_VENDOR_FROM_DATABASE=Ikos Systems Inc ID_VENDOR_FROM_DATABASE=Ikos Systems Inc
@@ -3577,6 +3624,9 @@ @@ -3574,6 +3621,9 @@
acpi:IMX*: acpi:IMX*:
ID_VENDOR_FROM_DATABASE=arpara Technology Co., Ltd. ID_VENDOR_FROM_DATABASE=arpara Technology Co., Ltd.
@ -225,7 +225,7 @@
acpi:INA*: acpi:INA*:
ID_VENDOR_FROM_DATABASE=Inventec Corporation ID_VENDOR_FROM_DATABASE=Inventec Corporation
@@ -4105,6 +4155,9 @@ @@ -4102,6 +4152,9 @@
acpi:LAN*: acpi:LAN*:
ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc
@ -235,7 +235,7 @@
acpi:LAS*: acpi:LAS*:
ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S
@@ -4156,6 +4209,9 @@ @@ -4153,6 +4206,9 @@
acpi:LED*: acpi:LED*:
ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc
@ -245,7 +245,7 @@
acpi:LEG*: acpi:LEG*:
ID_VENDOR_FROM_DATABASE=Legerity, Inc ID_VENDOR_FROM_DATABASE=Legerity, Inc
@@ -4174,6 +4230,9 @@ @@ -4171,6 +4227,9 @@
acpi:LGD*: acpi:LGD*:
ID_VENDOR_FROM_DATABASE=LG Display ID_VENDOR_FROM_DATABASE=LG Display
@ -255,7 +255,7 @@
acpi:LGI*: acpi:LGI*:
ID_VENDOR_FROM_DATABASE=Logitech Inc ID_VENDOR_FROM_DATABASE=Logitech Inc
@@ -4240,6 +4299,9 @@ @@ -4237,6 +4296,9 @@
acpi:LND*: acpi:LND*:
ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd
@ -265,7 +265,7 @@
acpi:LNK*: acpi:LNK*:
ID_VENDOR_FROM_DATABASE=Link Tech Inc ID_VENDOR_FROM_DATABASE=Link Tech Inc
@@ -4274,7 +4336,7 @@ @@ -4271,7 +4333,7 @@
ID_VENDOR_FROM_DATABASE=Design Technology ID_VENDOR_FROM_DATABASE=Design Technology
acpi:LPL*: acpi:LPL*:
@ -274,7 +274,7 @@
acpi:LSC*: acpi:LSC*:
ID_VENDOR_FROM_DATABASE=LifeSize Communications ID_VENDOR_FROM_DATABASE=LifeSize Communications
@@ -4450,6 +4512,9 @@ @@ -4447,6 +4509,9 @@
acpi:MCX*: acpi:MCX*:
ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc. ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc.
@ -284,7 +284,7 @@
acpi:MDA*: acpi:MDA*:
ID_VENDOR_FROM_DATABASE=Media4 Inc ID_VENDOR_FROM_DATABASE=Media4 Inc
@@ -4696,6 +4761,9 @@ @@ -4693,6 +4758,9 @@
acpi:MOM*: acpi:MOM*:
ID_VENDOR_FROM_DATABASE=Momentum Data Systems ID_VENDOR_FROM_DATABASE=Momentum Data Systems
@ -294,7 +294,7 @@
acpi:MOS*: acpi:MOS*:
ID_VENDOR_FROM_DATABASE=Moses Corporation ID_VENDOR_FROM_DATABASE=Moses Corporation
@@ -4936,6 +5004,9 @@ @@ -4933,6 +5001,9 @@
acpi:NAL*: acpi:NAL*:
ID_VENDOR_FROM_DATABASE=Network Alchemy ID_VENDOR_FROM_DATABASE=Network Alchemy
@ -304,7 +304,7 @@
acpi:NAT*: acpi:NAT*:
ID_VENDOR_FROM_DATABASE=NaturalPoint Inc. ID_VENDOR_FROM_DATABASE=NaturalPoint Inc.
@@ -5476,6 +5547,9 @@ @@ -5473,6 +5544,9 @@
acpi:PCX*: acpi:PCX*:
ID_VENDOR_FROM_DATABASE=PC Xperten ID_VENDOR_FROM_DATABASE=PC Xperten
@ -314,7 +314,7 @@
acpi:PDM*: acpi:PDM*:
ID_VENDOR_FROM_DATABASE=Psion Dacom Plc. ID_VENDOR_FROM_DATABASE=Psion Dacom Plc.
@@ -5539,9 +5613,6 @@ @@ -5536,9 +5610,6 @@
acpi:PHE*: acpi:PHE*:
ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH
@ -324,7 +324,7 @@
acpi:PHL*: acpi:PHL*:
ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company
@@ -5632,9 +5703,6 @@ @@ -5629,9 +5700,6 @@
acpi:PNL*: acpi:PNL*:
ID_VENDOR_FROM_DATABASE=Panelview, Inc. ID_VENDOR_FROM_DATABASE=Panelview, Inc.
@ -334,7 +334,7 @@
acpi:PNR*: acpi:PNR*:
ID_VENDOR_FROM_DATABASE=Planar Systems, Inc. ID_VENDOR_FROM_DATABASE=Planar Systems, Inc.
@@ -6112,9 +6180,6 @@ @@ -6109,9 +6177,6 @@
acpi:RTI*: acpi:RTI*:
ID_VENDOR_FROM_DATABASE=Rancho Tech Inc ID_VENDOR_FROM_DATABASE=Rancho Tech Inc
@ -344,7 +344,7 @@
acpi:RTL*: acpi:RTL*:
ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd
@@ -6289,9 +6354,6 @@ @@ -6286,9 +6351,6 @@
acpi:SEE*: acpi:SEE*:
ID_VENDOR_FROM_DATABASE=SeeColor Corporation ID_VENDOR_FROM_DATABASE=SeeColor Corporation
@ -354,7 +354,7 @@
acpi:SEI*: acpi:SEI*:
ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc
@@ -6775,6 +6837,9 @@ @@ -6772,6 +6834,9 @@
acpi:SVD*: acpi:SVD*:
ID_VENDOR_FROM_DATABASE=SVD Computer ID_VENDOR_FROM_DATABASE=SVD Computer
@ -364,7 +364,7 @@
acpi:SVI*: acpi:SVI*:
ID_VENDOR_FROM_DATABASE=Sun Microsystems ID_VENDOR_FROM_DATABASE=Sun Microsystems
@@ -6859,6 +6924,9 @@ @@ -6856,6 +6921,9 @@
acpi:SZM*: acpi:SZM*:
ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd
@ -374,7 +374,7 @@
acpi:TAA*: acpi:TAA*:
ID_VENDOR_FROM_DATABASE=Tandberg ID_VENDOR_FROM_DATABASE=Tandberg
@@ -6949,6 +7017,9 @@ @@ -6946,6 +7014,9 @@
acpi:TDG*: acpi:TDG*:
ID_VENDOR_FROM_DATABASE=Six15 Technologies ID_VENDOR_FROM_DATABASE=Six15 Technologies
@ -384,7 +384,7 @@
acpi:TDM*: acpi:TDM*:
ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc
@@ -6991,6 +7062,9 @@ @@ -6988,6 +7059,9 @@
acpi:TEV*: acpi:TEV*:
ID_VENDOR_FROM_DATABASE=Televés, S.A. ID_VENDOR_FROM_DATABASE=Televés, S.A.
@ -394,7 +394,7 @@
acpi:TEZ*: acpi:TEZ*:
ID_VENDOR_FROM_DATABASE=Tech Source Inc. ID_VENDOR_FROM_DATABASE=Tech Source Inc.
@@ -7120,9 +7194,6 @@ @@ -7117,9 +7191,6 @@
acpi:TNC*: acpi:TNC*:
ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd
@ -404,7 +404,7 @@
acpi:TNM*: acpi:TNM*:
ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA
@@ -7432,14 +7503,14 @@ @@ -7429,14 +7500,14 @@
acpi:UNC*: acpi:UNC*:
ID_VENDOR_FROM_DATABASE=Unisys Corporation ID_VENDOR_FROM_DATABASE=Unisys Corporation
@ -425,7 +425,7 @@
acpi:UNI*: acpi:UNI*:
ID_VENDOR_FROM_DATABASE=Uniform Industry Corp. ID_VENDOR_FROM_DATABASE=Uniform Industry Corp.
@@ -7474,6 +7545,9 @@ @@ -7471,6 +7542,9 @@
acpi:USA*: acpi:USA*:
ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG
@ -435,7 +435,7 @@
acpi:USD*: acpi:USD*:
ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation
@@ -7735,9 +7809,6 @@ @@ -7732,9 +7806,6 @@
acpi:WAL*: acpi:WAL*:
ID_VENDOR_FROM_DATABASE=Wave Access ID_VENDOR_FROM_DATABASE=Wave Access
@ -445,7 +445,7 @@
acpi:WAV*: acpi:WAV*:
ID_VENDOR_FROM_DATABASE=Wavephore ID_VENDOR_FROM_DATABASE=Wavephore
@@ -7865,7 +7936,7 @@ @@ -7862,7 +7933,7 @@
ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC
acpi:WYS*: acpi:WYS*:
@ -454,7 +454,7 @@
acpi:WYT*: acpi:WYT*:
ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd. ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd.
@@ -7879,9 +7950,6 @@ @@ -7876,9 +7947,6 @@
acpi:XDM*: acpi:XDM*:
ID_VENDOR_FROM_DATABASE=XDM Ltd. ID_VENDOR_FROM_DATABASE=XDM Ltd.
@ -464,7 +464,7 @@
acpi:XES*: acpi:XES*:
ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc. ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc.
@@ -7915,9 +7983,6 @@ @@ -7912,9 +7980,6 @@
acpi:XNT*: acpi:XNT*:
ID_VENDOR_FROM_DATABASE=XN Technologies, Inc. ID_VENDOR_FROM_DATABASE=XN Technologies, Inc.
@ -474,7 +474,7 @@
acpi:XQU*: acpi:XQU*:
ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD
@@ -7984,6 +8049,9 @@ @@ -7981,6 +8046,9 @@
acpi:ZBX*: acpi:ZBX*:
ID_VENDOR_FROM_DATABASE=Zebax Technologies ID_VENDOR_FROM_DATABASE=Zebax Technologies

View File

@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11) KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12) KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
########################################################### ###########################################################
# Maxdata # Maxdata
########################################################### ###########################################################

View File

@ -376,11 +376,12 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:* sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B) # Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B/i18D)
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:* sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:* sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:* sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:* sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni18D:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube iWork 10 Flagship # Cube iWork 10 Flagship
@ -952,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:* sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Pine64
#########################################
# PineTab2
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
######################################### #########################################
# Pipo # Pipo
######################################### #########################################

File diff suppressed because it is too large Load Diff

View File

@ -770,12 +770,6 @@ C00000-CFFFFF (base 16) HANGZHOU ZHONGKEJIGUANG TECHNOLOGY CO., LTD
HANGZHOU Zhejiang 310018 HANGZHOU Zhejiang 310018
CN CN
2C-69-1D (hex) SPEEDTECH CORP.
400000-4FFFFF (base 16) SPEEDTECH CORP.
No. 568, Sec. 1, Minsheng N. Rd., Guishan Dist., Taoyuan City 338, Taiwan
Taoyuan 338
TW
2C-69-1D (hex) IBM 2C-69-1D (hex) IBM
800000-8FFFFF (base 16) IBM 800000-8FFFFF (base 16) IBM
9000 South Rita Rd 9000 South Rita Rd
@ -6788,6 +6782,30 @@ AC-EF-92 (hex) CEER NATIONAL AUTOMOTIVE COMPANY
Shanghai 201316 Shanghai 201316
CN CN
0C-47-A9 (hex) Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
600000-6FFFFF (base 16) Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
103, Bldg1, Meicheng Ind Park, No.4, Xinhe St, Maantang Community, Bantian St, Longgang Dist
Shenzhen Guangdong 518000
CN
EC-74-CD (hex) Bosch (zhuhai) Security Systems Company, Ltd.
A00000-AFFFFF (base 16) Bosch (zhuhai) Security Systems Company, Ltd.
20 Ji Chang Bei Road, Qingwan Industrial Estate, | Sanzao Town, Jinwan District
Zhuhai Guangdong 519040
CN
0C-47-A9 (hex) Shanghai Sigen New Energy Technology Co., Ltd
900000-9FFFFF (base 16) Shanghai Sigen New Energy Technology Co., Ltd
Room 514 The 5th Floor, No.175 Weizhan Road China (Shanghai) Plilot Free Trade Zone
Shanghai 201306
CN
2C-69-1D (hex) SPEEDTECH CORP. JIO
400000-4FFFFF (base 16) SPEEDTECH CORP. JIO
No. 568, Sec. 1, Minsheng N. Rd., Guishan Dist., Taoyuan City 338, Taiwan
Taoyuan 338
TW
B8-4C-87 (hex) Shenzhen Link-all Technology Co., Ltd B8-4C-87 (hex) Shenzhen Link-all Technology Co., Ltd
300000-3FFFFF (base 16) Shenzhen Link-all Technology Co., Ltd 300000-3FFFFF (base 16) Shenzhen Link-all Technology Co., Ltd
Floor 5th, Block 9th, Sunny Industrial Zone, Xili Town, Nanshan District, Shenzhen, China Floor 5th, Block 9th, Sunny Industrial Zone, Xili Town, Nanshan District, Shenzhen, China
@ -13073,6 +13091,18 @@ A00000-AFFFFF (base 16) Lens Technology (Xiangtan) Co.,Ltd
Xiangtan Hunan 411100 Xiangtan Hunan 411100
CN CN
EC-74-CD (hex) Shenzhen Ting-Shine Technology Co., Ltd.
D00000-DFFFFF (base 16) Shenzhen Ting-Shine Technology Co., Ltd.
No. 148, Huarong Road, Longhua District, Shenzhen
Shenzhen Guangdong 518083
CN
EC-74-CD (hex) iSolution Technologies Co.,Ltd.
300000-3FFFFF (base 16) iSolution Technologies Co.,Ltd.
5F,Bldg #6, Zhongguan Honghualing Industrial South Park
Shenzhen Guangdong 518055
CN
B8-4C-87 (hex) Altronix , Corp B8-4C-87 (hex) Altronix , Corp
A00000-AFFFFF (base 16) Altronix , Corp A00000-AFFFFF (base 16) Altronix , Corp
140 58th St. Bldg A, Ste 2N 140 58th St. Bldg A, Ste 2N
@ -19862,6 +19892,48 @@ AC-EF-92 (hex) JiZhiKang (Beijing) Technology Co., Ltd
Beijing 100176 Beijing 100176
CN CN
0C-47-A9 (hex) HONGKONG STONEOIM TECHNOLOGY LIMITED
300000-3FFFFF (base 16) HONGKONG STONEOIM TECHNOLOGY LIMITED
UNIT 1507C,15/F,EASTCORE 398 KWUN TONG ROAD KWUN TONG KL
hongkong hongkong 999077
HK
0C-47-A9 (hex) Annapurna labs
200000-2FFFFF (base 16) Annapurna labs
Matam Scientific Industries Center, Building 8.2
Mail box 15123 Haifa 3508409
IL
0C-47-A9 (hex) BGResearch
E00000-EFFFFF (base 16) BGResearch
5, The Business Centre, Harvard Way, Kimbolton,
Huntingdon. Cambridgeshire PE28 0NJ
GB
EC-74-CD (hex) Platypus
600000-6FFFFF (base 16) Platypus
6, Wonteo-ro 110beon-gil, Jungwon-gu
Gyeonggi-do Seongnam-si 13360
KR
EC-74-CD (hex) Sound Health Systems
900000-9FFFFF (base 16) Sound Health Systems
650B Fremont Ave #65
Los Altos CA 94024
US
EC-74-CD (hex) Hitachi Rail GTS Austria GmbH
B00000-BFFFFF (base 16) Hitachi Rail GTS Austria GmbH
Handelskai 92
Vienna 1200
AT
EC-74-CD (hex) Standard Backhaul Communications
500000-5FFFFF (base 16) Standard Backhaul Communications
333 South Highland Ave
Briarcliff Manor 10510
US
D0-14-11 (hex) P.B. Elettronica srl D0-14-11 (hex) P.B. Elettronica srl
100000-1FFFFF (base 16) P.B. Elettronica srl 100000-1FFFFF (base 16) P.B. Elettronica srl
Via Santorelli, 8 Via Santorelli, 8
@ -26459,6 +26531,12 @@ C00000-CFFFFF (base 16) Senix
0C-47-A9 (hex) Private 0C-47-A9 (hex) Private
400000-4FFFFF (base 16) Private 400000-4FFFFF (base 16) Private
0C-47-A9 (hex) Honest Networks LLC
800000-8FFFFF (base 16) Honest Networks LLC
15 Maiden LnSte 1101
New York NY 10038
US
C8-5C-E2 (hex) Fela Management AG C8-5C-E2 (hex) Fela Management AG
000000-0FFFFF (base 16) Fela Management AG 000000-0FFFFF (base 16) Fela Management AG
Basadingerstrasse 18 Basadingerstrasse 18
@ -33206,8 +33284,20 @@ C00000-CFFFFF (base 16) Annapurna labs
Mail box 15123 Haifa 3508409 Mail box 15123 Haifa 3508409
IL IL
0C-47-A9 (hex) Everon Co., Ltd.
500000-5FFFFF (base 16) Everon Co., Ltd.
3F.Pine Avenue B, 100, Eulji-ro, Jung-gu
Seoul 04551
KR
0C-47-A9 (hex) Shenzhen Hebang Electronic Co., Ltd 0C-47-A9 (hex) Shenzhen Hebang Electronic Co., Ltd
B00000-BFFFFF (base 16) Shenzhen Hebang Electronic Co., Ltd B00000-BFFFFF (base 16) Shenzhen Hebang Electronic Co., Ltd
2nd Floor West, Bldg B, Kelunte Low Carbon Industry Park, Huarong Road, Dalang, Longhua District 2nd Floor West, Bldg B, Kelunte Low Carbon Industry Park, Huarong Road, Dalang, Longhua District
Shenzhen 518000 Shenzhen 518000
CN CN
EC-74-CD (hex) TRANS AUDIO VIDEO SRL
800000-8FFFFF (base 16) TRANS AUDIO VIDEO SRL
Viale Melvin Jones 12
Caserta CE 81100
IT

View File

@ -7457,6 +7457,24 @@ D04000-D04FFF (base 16) Plenty Unlimited Inc
HongKong 999077 HongKong 999077
HK HK
8C-1F-64 (hex) KRYFS TECHNOLOGIES PRIVATE LIMITED
206000-206FFF (base 16) KRYFS TECHNOLOGIES PRIVATE LIMITED
SURVEY NO 231 KHERDI MAIN ROAD NEAR HPCL KHERDI SILVASSA
SILVASSA DADRA AND NAGAR HAVELI 396230
IN
8C-1F-64 (hex) Matrixspace
806000-806FFF (base 16) Matrixspace
1721 Moon Lake BlvdSTE 200
Hoffman Estates IL 60169
US
8C-1F-64 (hex) ENERGY POWER PRODUCTS LIMITED
41B000-41BFFF (base 16) ENERGY POWER PRODUCTS LIMITED
7/F, Room 701, Lucky Centre, 165-171, Wanchai Road
Wanchai 000000
HK
8C-1F-64 (hex) Jacobs Technology, Inc. 8C-1F-64 (hex) Jacobs Technology, Inc.
A98000-A98FFF (base 16) Jacobs Technology, Inc. A98000-A98FFF (base 16) Jacobs Technology, Inc.
7765 Old Telegraph Road 7765 Old Telegraph Road
@ -22361,6 +22379,12 @@ A8C000-A8CFFF (base 16) Elektronik Art
Lublin Lublin 20234 Lublin Lublin 20234
PL PL
8C-1F-64 (hex) Anduril Imaging
763000-763FFF (base 16) Anduril Imaging
83 Hartwell Ave
Lexington MA 02421
US
8C-1F-64 (hex) Wuhan YiValley Opto-electric technology Co.,Ltd 8C-1F-64 (hex) Wuhan YiValley Opto-electric technology Co.,Ltd
175000-175FFF (base 16) Wuhan YiValley Opto-electric technology Co.,Ltd 175000-175FFF (base 16) Wuhan YiValley Opto-electric technology Co.,Ltd
A104,1st stage Juxian Building, Hongshan internatinoal enterprise center A104,1st stage Juxian Building, Hongshan internatinoal enterprise center
@ -22379,12 +22403,6 @@ C60000-C60FFF (base 16) Intelligent Security Systems (ISS)
Woodbridge NJ 07095 Woodbridge NJ 07095
US US
8C-1F-64 (hex) Anduril Imaging
763000-763FFF (base 16) Anduril Imaging
83 Hartwell Ave
Lexington MA 02421
US
8C-1F-64 (hex) Flow Power 8C-1F-64 (hex) Flow Power
82B000-82BFFF (base 16) Flow Power 82B000-82BFFF (base 16) Flow Power
Suite 2, Level 3, 18 - 20 York St Suite 2, Level 3, 18 - 20 York St
@ -29885,12 +29903,42 @@ BA7000-BA7FFF (base 16) iLensys Technologies PVT LTD
Thiruvananthapuram KERALA 695014 Thiruvananthapuram KERALA 695014
IN IN
8C-1F-64 (hex) Potter Electric Signal Company
FDF000-FDFFFF (base 16) Potter Electric Signal Company
5757 Phantom Drive
Hazelwood MO 63042
US
8C-1F-64 (hex) Hurry-tech 8C-1F-64 (hex) Hurry-tech
F19000-F19FFF (base 16) Hurry-tech F19000-F19FFF (base 16) Hurry-tech
Greenland Central Plaza ,Building 1 of Yard 9,Room 601 Greenland Central Plaza ,Building 1 of Yard 9,Room 601
Beijing Beijing 100089 Beijing Beijing 100089
CN CN
8C-1F-64 (hex) Transit Solutions, LLC.
1BC000-1BCFFF (base 16) Transit Solutions, LLC.
114 West Grandview Avenue
Zelienople PA 16063
US
8C-1F-64 (hex) Ceranext Ltd
394000-394FFF (base 16) Ceranext Ltd
25-27 Demostheni Severi ,Metropolis Tower,Building B',1080 Cyprus
Nicosia 1080
CY
8C-1F-64 (hex) SiFive Inc
E88000-E88FFF (base 16) SiFive Inc
2625 Augustine DriveSuite 101
Santa Clara CA 95054
US
8C-1F-64 (hex) Makel Elektrik Malzemeleri A.Ş.
9B8000-9B8FFF (base 16) Makel Elektrik Malzemeleri A.Ş.
Osmangazi Mah.Mareşal Fevzi Çakmak Cad. No:38 KIRAÇ / Esenyurt
ESENYURT İstanbul 34522
TR
8C-1F-64 (hex) Mobileye 8C-1F-64 (hex) Mobileye
D63000-D63FFF (base 16) Mobileye D63000-D63FFF (base 16) Mobileye
13 Hartom st. 13 Hartom st.
@ -37294,3 +37342,9 @@ BD9000-BD9FFF (base 16) WATTS
C. Valportillo Segunda, 8 bis C. Valportillo Segunda, 8 bis
Alcobendas Madrid 28108 Alcobendas Madrid 28108
ES ES
8C-1F-64 (hex) Mediana Co., Ltd.
159000-159FFF (base 16) Mediana Co., Ltd.
132, Donghwagongdan-ro, Munmak-eup
Wonju-si Gangwon-do 26365
KR

View File

@ -2540,7 +2540,6 @@ AVARRO,RRO,08/07/2023
"LUMINO Licht Elektronik GmbH",LLT,11/07/2023 "LUMINO Licht Elektronik GmbH",LLT,11/07/2023
"Reonel Oy",RNL,01/04/2024 "Reonel Oy",RNL,01/04/2024
DemoPad Software Ltd,DEM,01/04/2024 DemoPad Software Ltd,DEM,01/04/2024
DemoPad Software Ltd,DEM,01/04/2024
"TeamViewer Germany GmbH",TMV,01/04/2024 "TeamViewer Germany GmbH",TMV,01/04/2024
"Pixio USA",PXO,02/14/2024 "Pixio USA",PXO,02/14/2024
"ELARABY COMPANY FOR ENGINEERING INDUSTRIES",EEI,02/14/2024 "ELARABY COMPANY FOR ENGINEERING INDUSTRIES",EEI,02/14/2024

1 Company PNP ID Approved On Date
2540 LUMINO Licht Elektronik GmbH LLT 11/07/2023
2541 Reonel Oy RNL 01/04/2024
2542 DemoPad Software Ltd DEM 01/04/2024
DemoPad Software Ltd DEM 01/04/2024
2543 TeamViewer Germany GmbH TMV 01/04/2024
2544 Pixio USA PXO 02/14/2024
2545 ELARABY COMPANY FOR ENGINEERING INDUSTRIES EEI 02/14/2024

View File

@ -421,7 +421,7 @@
<term><varname>rd.systemd.verity=</varname></term> <term><varname>rd.systemd.verity=</varname></term>
<term><varname>systemd.verity_root_data=</varname></term> <term><varname>systemd.verity_root_data=</varname></term>
<term><varname>systemd.verity_root_hash=</varname></term> <term><varname>systemd.verity_root_hash=</varname></term>
<term><varname>systemd.verity.root_options=</varname></term> <term><varname>systemd.verity_root_options=</varname></term>
<term><varname>usrhash=</varname></term> <term><varname>usrhash=</varname></term>
<term><varname>systemd.verity_usr_data=</varname></term> <term><varname>systemd.verity_usr_data=</varname></term>
<term><varname>systemd.verity_usr_hash=</varname></term> <term><varname>systemd.verity_usr_hash=</varname></term>

View File

@ -265,32 +265,11 @@
</refsect1> </refsect1>
<refsect1> <refsect1>
<title>Options</title> <title>Unlocking</title>
<para>The following options are understood:</para> <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<variablelist> <variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term> <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -328,7 +307,45 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem> <xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term> <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -361,7 +378,15 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem> <xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term> <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -461,7 +486,15 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem> <xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term> <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -636,7 +669,15 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem> <xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry> </varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry> <varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term> <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -81,4 +81,7 @@
<para id="v255">Added in version 255.</para> <para id="v255">Added in version 255.</para>
<para id="v256">Added in version 256.</para> <para id="v256">Added in version 256.</para>
<para id="v257">Added in version 257.</para> <para id="v257">Added in version 257.</para>
<para id="v258">Added in version 258.</para>
<para id="v259">Added in version 259.</para>
<para id="v260">Added in version 260.</para>
</refsect1> </refsect1>

View File

@ -2674,6 +2674,14 @@ endif
##################################################################### #####################################################################
ukify_depends = []
foreach executable : ['systemd-measure', 'systemd-sbsign', 'systemd-keyutil']
if executable in executables_by_name
ukify_depends += [executables_by_name[executable]]
endif
endforeach
ukify = custom_target( ukify = custom_target(
'ukify', 'ukify',
input : 'src/ukify/ukify.py', input : 'src/ukify/ukify.py',
@ -2681,6 +2689,7 @@ ukify = custom_target(
command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'], command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
install : want_ukify, install : want_ukify,
install_mode : 'rwxr-xr-x', install_mode : 'rwxr-xr-x',
depends : ukify_depends,
install_dir : bindir) install_dir : bindir)
if want_ukify if want_ukify
public_programs += ukify public_programs += ukify
@ -2700,7 +2709,7 @@ endif
mkosi_depends = public_programs mkosi_depends = public_programs
foreach executable : ['systemd-journal-remote', 'systemd-measure', 'systemd-sbsign', 'systemd-keyutil'] foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']
if executable in executables_by_name if executable in executables_by_name
mkosi_depends += [executables_by_name[executable]] mkosi_depends += [executables_by_name[executable]]
endif endif

View File

@ -1 +1 @@
257~rc1 257~rc2

View File

@ -0,0 +1,7 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi

View File

@ -2,10 +2,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later # SPDX-License-Identifier: LGPL-2.1-or-later
set -e set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi
if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2 echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1 exit 1

View File

@ -7,7 +7,7 @@ Distribution=arch
Environment= Environment=
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
GIT_BRANCH=main GIT_BRANCH=main
GIT_COMMIT=62c224b60ca150627be58ca2da50f47cc0a5793c GIT_COMMIT=29a73017cd380cd8db070dbd560e229d523b3c79
PKG_SUBDIR=arch PKG_SUBDIR=arch
[Content] [Content]

View File

@ -8,7 +8,7 @@ Distribution=|fedora
Environment= Environment=
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
GIT_BRANCH=rawhide GIT_BRANCH=rawhide
GIT_COMMIT=e42eed4afd6267cd954d393d8eec79e0e7573de0 GIT_COMMIT=7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99
PKG_SUBDIR=fedora PKG_SUBDIR=fedora
[Content] [Content]

View File

@ -9,7 +9,7 @@ Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian GIT_SUBDIR=debian
GIT_BRANCH=debian/master GIT_BRANCH=debian/master
GIT_COMMIT=48fabbd5d240a70fce6712b6161f29b40b2fc7de GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
PKG_SUBDIR=debian PKG_SUBDIR=debian
[Content] [Content]

View File

@ -15,7 +15,7 @@ msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-09 20:13+0000\n" "PO-Revision-Date: 2024-11-17 15:48+0000\n"
"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-" "Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
"memory@weblate.org>\n" "memory@weblate.org>\n"
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/" "Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
@ -187,9 +187,11 @@ msgstr ""
"benötigte Speichermedium oder Dateisystem ein." "benötigte Speichermedium oder Dateisystem ein."
#: src/home/pam_systemd_home.c:298 #: src/home/pam_systemd_home.c:298
#, fuzzy, c-format #, c-format
msgid "Too frequent login attempts for user %s, try again later." msgid "Too frequent login attempts for user %s, try again later."
msgstr "Zu häufige Loginversuche für %s. Bitte später erneut probieren." msgstr ""
"Zu viele Anmeldeversuche für Benutzer %s, versuchen Sie es später noch "
"einmal."
#: src/home/pam_systemd_home.c:310 #: src/home/pam_systemd_home.c:310
msgid "Password: " msgid "Password: "
@ -1189,18 +1191,16 @@ msgid "Subscribe query results"
msgstr "Abfrageergebnisse abonnieren" msgstr "Abfrageergebnisse abonnieren"
#: src/resolve/org.freedesktop.resolve1.policy:144 #: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results." msgid "Authentication is required to subscribe query results."
msgstr "Legitimierung ist zum Versetzen des Systems in Bereitschaft notwendig." msgstr "Legitimierung ist zum Abonnieren von Abfrageergebnissen erforderlich."
#: src/resolve/org.freedesktop.resolve1.policy:154 #: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache" msgid "Dump cache"
msgstr "" msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155 #: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache." msgid "Authentication is required to dump cache."
msgstr "Legitimierung ist zum Festlegen von Domains notwendig." msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:165 #: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state" msgid "Dump server state"
@ -1248,20 +1248,21 @@ msgid "Install specific system version"
msgstr "Spezifische Systemversion installieren" msgstr "Spezifische Systemversion installieren"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56 #: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid "" msgid ""
"Authentication is required to update the system to a specific (possibly old) " "Authentication is required to update the system to a specific (possibly old) "
"version." "version."
msgstr "Legitimierung ist zum Festlegen der Systemzeitzone notwendig." msgstr ""
"Legitimierung ist zum Aktualisieren des Systems auf eine bestimmte ("
"möglicherweise alte) Version erforderlich."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65 #: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates" msgid "Cleanup old system updates"
msgstr "Alte Systemaktualisierungen bereinigen" msgstr "Alte Systemaktualisierungen bereinigen"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66 #: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates." msgid "Authentication is required to cleanup old system updates."
msgstr "Legitimierung ist zum Festlegen der Systemzeit notwendig." msgstr ""
"Legitimierung ist zum Bereinigen alter Systemaktualisierungen erforderlich."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
@ -1269,11 +1270,8 @@ msgstr "Optionale Funktionen verwalten"
# https://www.freedesktop.org/software/systemd/man/sd-login.html # https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "" msgstr "Legitimierung ist zur Verwaltung optionaler Funktionen erforderlich"
"Legitimierung ist zur Verwaltung aktiver Sitzungen, Benutzern und "
"Arbeitsstationen notwendig."
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -3,12 +3,13 @@
# Finnish translation of systemd. # Finnish translation of systemd.
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023. # Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024. # Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
msgid "" msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-09-12 13:43+0000\n" "PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n" "Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
"main/fi/>\n" "main/fi/>\n"
"Language: fi\n" "Language: fi\n"
@ -16,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n" "Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 5.7.2\n" "X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22 #: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system" msgid "Send passphrase back to system"
@ -112,14 +113,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi." msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area" msgid "Update your home area"
msgstr "Päivitä kotialue" msgstr "Päivitä kotialue"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi." msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1174,14 +1173,11 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
msgstr "" msgstr "Hallitse valinnaisia ominaisuuksia"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "" msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
"hallintaan."
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -12,7 +12,7 @@ msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n" "PO-Revision-Date: 2024-11-23 10:38+0000\n"
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n" "Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/" "Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
"main/fr/>\n" "main/fr/>\n"
@ -360,8 +360,8 @@ msgid ""
"Authentication is required to set the statically configured local hostname, " "Authentication is required to set the statically configured local hostname, "
"as well as the pretty hostname." "as well as the pretty hostname."
msgstr "" msgstr ""
"Une authentification est requise pour définir le nom d'hôte local de manière " "Une authentification est requise pour définir le nom d'hôte local configuré "
"statique, ainsi que le nom d'hôte familier." "de manière statique, ainsi que le nom d'hôte convivial."
#: src/hostname/org.freedesktop.hostname1.policy:41 #: src/hostname/org.freedesktop.hostname1.policy:41
msgid "Set machine information" msgid "Set machine information"
@ -1258,7 +1258,7 @@ msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
msgstr "Gérer les fonctionnalités en option" msgstr "Gérer les fonctionnalités facultatives"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"

114
po/he.po
View File

@ -1,22 +1,22 @@
# SPDX-License-Identifier: LGPL-2.1-or-later # SPDX-License-Identifier: LGPL-2.1-or-later
# #
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023. # Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024.
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: systemd\n" "Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2023-11-22 00:01+0000\n" "PO-Revision-Date: 2024-11-19 07:38+0000\n"
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n" "Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/" "Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
"master/he/>\n" "main/he/>\n"
"Language: he\n" "Language: he\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && " "Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
"n % 10 == 0) ? 2 : 3));\n" "n % 10 == 0) ? 2 : 3));\n"
"X-Generator: Weblate 5.2\n" "X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22 #: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system" msgid "Send passphrase back to system"
@ -106,14 +106,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש." msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area" msgid "Update your home area"
msgstr "עדכון אזור בית" msgstr "עדכון אזור הבית שלך"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש." msgstr "נדרש אימות כדי לעדכן את אזור הבית שלך."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -133,14 +131,12 @@ msgid ""
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש." msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:83 #: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area" msgid "Activate a home area"
msgstr "יצירת אזור בית" msgstr "הפעלת אזור בית"
#: src/home/org.freedesktop.home1.policy:84 #: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area." msgid "Authentication is required to activate a user's home area."
msgstr "נדרש אימות כדי ליצור אזור בית למשתמש." msgstr "נדרש אימות כדי להפעיל אזור בית של משתמש."
#: src/home/pam_systemd_home.c:293 #: src/home/pam_systemd_home.c:293
#, c-format #, c-format
@ -351,46 +347,37 @@ msgid "Authentication is required to get system description."
msgstr "נדרש אימות כדי למשוך את תיאור המערכת." msgstr "נדרש אימות כדי למשוך את תיאור המערכת."
#: src/import/org.freedesktop.import1.policy:22 #: src/import/org.freedesktop.import1.policy:22
#, fuzzy
msgid "Import a disk image" msgid "Import a disk image"
msgstr "לייבא מכונה וירטואלית או דמות של מכולה (container image)" msgstr "ייבוא דמות כונן"
#: src/import/org.freedesktop.import1.policy:23 #: src/import/org.freedesktop.import1.policy:23
#, fuzzy
msgid "Authentication is required to import an image." msgid "Authentication is required to import an image."
msgstr "" msgstr "נדרש אימות כדי לייבא דמות."
"נדרש אימות כדי לייבא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:32 #: src/import/org.freedesktop.import1.policy:32
#, fuzzy
msgid "Export a disk image" msgid "Export a disk image"
msgstr "ייצוא מכונה וירטואלית או דמות של מכולה (container image)" msgstr "ייצוא דמות כונן"
#: src/import/org.freedesktop.import1.policy:33 #: src/import/org.freedesktop.import1.policy:33
#, fuzzy
msgid "Authentication is required to export disk image." msgid "Authentication is required to export disk image."
msgstr "" msgstr "נדרש אימות כדי לייצא דמות כונן."
"נדרש אימות כדי לייצא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:42 #: src/import/org.freedesktop.import1.policy:42
#, fuzzy
msgid "Download a disk image" msgid "Download a disk image"
msgstr "הורדת מכונה וירטואלית או דמות מכולה" msgstr "הורדת דמות כונן"
#: src/import/org.freedesktop.import1.policy:43 #: src/import/org.freedesktop.import1.policy:43
#, fuzzy
msgid "Authentication is required to download a disk image." msgid "Authentication is required to download a disk image."
msgstr "נדרש אימות כדי להוריד מכונה וירטואלית או דמות מכולה" msgstr "נדרש אימות כדי להוריד דמות כונן."
#: src/import/org.freedesktop.import1.policy:52 #: src/import/org.freedesktop.import1.policy:52
msgid "Cancel transfer of a disk image" msgid "Cancel transfer of a disk image"
msgstr "" msgstr "ביטול העברה של דמות כונן"
#: src/import/org.freedesktop.import1.policy:53 #: src/import/org.freedesktop.import1.policy:53
#, fuzzy
msgid "" msgid ""
"Authentication is required to cancel the ongoing transfer of a disk image." "Authentication is required to cancel the ongoing transfer of a disk image."
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש." msgstr "נדרש אימות כדי לבטל העברה של דמות כונן שמתבצעת בזמן אמת."
#: src/locale/org.freedesktop.locale1.policy:22 #: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale" msgid "Set system locale"
@ -732,9 +719,8 @@ msgid "Set a wall message"
msgstr "הגדרת הודעת קיר" msgstr "הגדרת הודעת קיר"
#: src/login/org.freedesktop.login1.policy:397 #: src/login/org.freedesktop.login1.policy:397
#, fuzzy
msgid "Authentication is required to set a wall message." msgid "Authentication is required to set a wall message."
msgstr "נדרש אימות כדי להגדיר הודעת קיר" msgstr "נדרש אימות כדי להגדיר הודעת קיר."
#: src/login/org.freedesktop.login1.policy:406 #: src/login/org.freedesktop.login1.policy:406
msgid "Change Session" msgid "Change Session"
@ -804,16 +790,14 @@ msgstr ""
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות." "נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:95 #: src/machine/org.freedesktop.machine1.policy:95
#, fuzzy
msgid "Create a local virtual machine or container" msgid "Create a local virtual machine or container"
msgstr "ניהול מכונות וירטואליות ומכולות מקומיות" msgstr "יצירת מכונה וירטואלית או מכולה מקומיות"
#: src/machine/org.freedesktop.machine1.policy:96 #: src/machine/org.freedesktop.machine1.policy:96
#, fuzzy
msgid "" msgid ""
"Authentication is required to create a local virtual machine or container." "Authentication is required to create a local virtual machine or container."
msgstr "" msgstr ""
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות." "נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:106 #: src/machine/org.freedesktop.machine1.policy:106
msgid "Manage local virtual machine and container images" msgid "Manage local virtual machine and container images"
@ -965,13 +949,13 @@ msgstr "נדרש אימות כדי להגדיר כרטיס רשת מחדש."
#: src/network/org.freedesktop.network1.policy:187 #: src/network/org.freedesktop.network1.policy:187
msgid "Specify whether persistent storage for systemd-networkd is available" msgid "Specify whether persistent storage for systemd-networkd is available"
msgstr "" msgstr "נא לציין האם יש אחסון קבוע זמין ל־systemd-networkd"
#: src/network/org.freedesktop.network1.policy:188 #: src/network/org.freedesktop.network1.policy:188
msgid "" msgid ""
"Authentication is required to specify whether persistent storage for systemd-" "Authentication is required to specify whether persistent storage for systemd-"
"networkd is available." "networkd is available."
msgstr "" msgstr "נדרש אימות כדי לציין האם אחסון קבוע זמין ל־systemd-networkd."
#: src/portable/org.freedesktop.portable1.policy:13 #: src/portable/org.freedesktop.portable1.policy:13
msgid "Inspect a portable service image" msgid "Inspect a portable service image"
@ -1004,18 +988,16 @@ msgid "Register a DNS-SD service"
msgstr "רישום שירות DNS-SD" msgstr "רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:23 #: src/resolve/org.freedesktop.resolve1.policy:23
#, fuzzy
msgid "Authentication is required to register a DNS-SD service." msgid "Authentication is required to register a DNS-SD service."
msgstr "נדרש אימות כדי לרשום שירות DNS-SD" msgstr "נדרש אימות כדי לרשום שירות DNS-SD."
#: src/resolve/org.freedesktop.resolve1.policy:33 #: src/resolve/org.freedesktop.resolve1.policy:33
msgid "Unregister a DNS-SD service" msgid "Unregister a DNS-SD service"
msgstr "ביטול רישום שירות DNS-SD" msgstr "ביטול רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:34 #: src/resolve/org.freedesktop.resolve1.policy:34
#, fuzzy
msgid "Authentication is required to unregister a DNS-SD service." msgid "Authentication is required to unregister a DNS-SD service."
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD" msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD."
#: src/resolve/org.freedesktop.resolve1.policy:132 #: src/resolve/org.freedesktop.resolve1.policy:132
msgid "Revert name resolution settings" msgid "Revert name resolution settings"
@ -1027,95 +1009,85 @@ msgstr "נדרש אימות כדי לאפס את הגדרות פתרון השמ
#: src/resolve/org.freedesktop.resolve1.policy:143 #: src/resolve/org.freedesktop.resolve1.policy:143
msgid "Subscribe query results" msgid "Subscribe query results"
msgstr "" msgstr "רישום לתוצאות שאילתה"
#: src/resolve/org.freedesktop.resolve1.policy:144 #: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results." msgid "Authentication is required to subscribe query results."
msgstr "נדרש אימות כדי להשהות את המערכת." msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
#: src/resolve/org.freedesktop.resolve1.policy:154 #: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache" msgid "Dump cache"
msgstr "" msgstr "היטל המטמון"
#: src/resolve/org.freedesktop.resolve1.policy:155 #: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache." msgid "Authentication is required to dump cache."
msgstr "נדרש אימות כדי להגדיר שמות תחום." msgstr "נדרש אימות כדי להטיל את המטמון."
#: src/resolve/org.freedesktop.resolve1.policy:165 #: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state" msgid "Dump server state"
msgstr "" msgstr "היטל מצב השרת"
#: src/resolve/org.freedesktop.resolve1.policy:166 #: src/resolve/org.freedesktop.resolve1.policy:166
#, fuzzy
msgid "Authentication is required to dump server state." msgid "Authentication is required to dump server state."
msgstr "נדרש אימות כדי להגדיר שרתי NTP." msgstr "נדרש אימות כדי להטיל את מצב השרת."
#: src/resolve/org.freedesktop.resolve1.policy:176 #: src/resolve/org.freedesktop.resolve1.policy:176
msgid "Dump statistics" msgid "Dump statistics"
msgstr "" msgstr "היטל סטטיסטיקה"
#: src/resolve/org.freedesktop.resolve1.policy:177 #: src/resolve/org.freedesktop.resolve1.policy:177
#, fuzzy
msgid "Authentication is required to dump statistics." msgid "Authentication is required to dump statistics."
msgstr "נדרש אימות כדי להגדיר שמות תחום." msgstr "נדרש אימות כדי להטיל סטטיסטיקה."
#: src/resolve/org.freedesktop.resolve1.policy:187 #: src/resolve/org.freedesktop.resolve1.policy:187
msgid "Reset statistics" msgid "Reset statistics"
msgstr "" msgstr "איפוס סטטיסטיקה"
#: src/resolve/org.freedesktop.resolve1.policy:188 #: src/resolve/org.freedesktop.resolve1.policy:188
#, fuzzy
msgid "Authentication is required to reset statistics." msgid "Authentication is required to reset statistics."
msgstr "נדרש אימות כדי לאפס הגדרות NTP." msgstr "נדרש אימות כדי לאפס סטטיסטיקה."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35 #: src/sysupdate/org.freedesktop.sysupdate1.policy:35
msgid "Check for system updates" msgid "Check for system updates"
msgstr "" msgstr "חיפוש עדכוני מערכת"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36 #: src/sysupdate/org.freedesktop.sysupdate1.policy:36
#, fuzzy
msgid "Authentication is required to check for system updates." msgid "Authentication is required to check for system updates."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת." msgstr "נדרש אימות כדי לחפש עדכוני מערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45 #: src/sysupdate/org.freedesktop.sysupdate1.policy:45
msgid "Install system updates" msgid "Install system updates"
msgstr "" msgstr "התקנת עדכוני מערכת"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46 #: src/sysupdate/org.freedesktop.sysupdate1.policy:46
#, fuzzy
msgid "Authentication is required to install system updates." msgid "Authentication is required to install system updates."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת." msgstr "נדרש אימות כדי להתקין עדכוני מערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55 #: src/sysupdate/org.freedesktop.sysupdate1.policy:55
msgid "Install specific system version" msgid "Install specific system version"
msgstr "" msgstr "התקנת גרסת מערכת מסוימת"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56 #: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid "" msgid ""
"Authentication is required to update the system to a specific (possibly old) " "Authentication is required to update the system to a specific (possibly old) "
"version." "version."
msgstr "נדרש אימות כדי להגדיר את אזור הזמן של המערכת." msgstr "נדרש אימות כדי לעדכן את המערכת לגרסה מסוימת (כנראה ישנה)."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65 #: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates" msgid "Cleanup old system updates"
msgstr "" msgstr "ניקוי עדכוני מערכת ישנים"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66 #: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates." msgid "Authentication is required to cleanup old system updates."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת." msgstr "נדרש אימות כדי לנקות עדכוני מערכת ישנים."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
msgstr "" msgstr "ניהול יכולות רשות"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "נדרש אימות כדי לנהל הפעלות, משתמשים ומושבים פעילים." msgstr "נדרש אימות כדי לנהל יכולות רשות"
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -6,7 +6,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-18 12:55+0900\n"
"PO-Revision-Date: 2021-09-09 03:04+0000\n" "PO-Revision-Date: 2021-09-09 03:04+0000\n"
"Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n" "Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n"
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
@ -106,14 +106,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "ユーザのホーム領域の更新には認証が必要です。" msgstr "ユーザのホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area" msgid "Update your home area"
msgstr "ホーム領域の更新" msgstr "ホーム領域の更新"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "ユーザのホーム領域の更新には認証が必要です。" msgstr "ホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1120,12 +1118,11 @@ msgstr "過去のシステム更新を削除するには認証が必要です。
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
msgstr "" msgstr "任意の機能の管理"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "アクティブなセッションやユーザ,シートを管理するには認証が必要です。" msgstr "任意の機能を管理するには認証が必要です。"
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -14,7 +14,7 @@ msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n" "PO-Revision-Date: 2024-11-17 13:38+0000\n"
"Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n" "Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/" "Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
"main/ru/>\n" "main/ru/>\n"
@ -1280,7 +1280,7 @@ msgstr "Управление дополнительными функциями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "" msgstr ""
"Для управления дополнительными функциями необходимо пройти аутентификацию." "Для управления дополнительными функциями необходимо пройти аутентификацию"
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -7,7 +7,7 @@ msgstr ""
"Project-Id-Version: systemd\n" "Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-08-26 19:38+0000\n" "PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n" "Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/" "Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
"systemd/main/sl/>\n" "systemd/main/sl/>\n"
@ -17,7 +17,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || " "Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
"n%100==4 ? 2 : 3;\n" "n%100==4 ? 2 : 3;\n"
"X-Generator: Weblate 5.7\n" "X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22 #: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system" msgid "Send passphrase back to system"
@ -125,16 +125,13 @@ msgstr ""
"območja." "območja."
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area" msgid "Update your home area"
msgstr "Posodobite domače območje" msgstr "Posodobite domače območje"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "" msgstr ""
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega " "Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
"območja."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1234,14 +1231,12 @@ msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
msgstr "" msgstr "Upravljaj dodatne funkcionalnosti"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "" msgstr ""
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov " "Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
"in delovišč."
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -4,11 +4,12 @@
# Eugene Melnik <jeka7js@gmail.com>, 2014. # Eugene Melnik <jeka7js@gmail.com>, 2014.
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018. # Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024. # Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
msgid "" msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-08-24 10:36+0000\n" "PO-Revision-Date: 2024-11-21 19:38+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n" "systemd/main/uk/>\n"
@ -18,7 +19,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n" "Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
"X-Generator: Weblate 5.7\n" "X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22 #: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system" msgid "Send passphrase back to system"
@ -118,14 +119,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання." msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area" msgid "Update your home area"
msgstr "Оновлення домашньої теки" msgstr "Оновлення домашньої області"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання." msgstr "Для оновлення домашньої області слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1212,14 +1211,11 @@ msgstr "Для вилучення застарілих оновлень сист
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75 #: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features" msgid "Manage optional features"
msgstr "" msgstr "Керування додатковими функціями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "" msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
"пройти розпізнавання."
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

View File

@ -38,19 +38,12 @@ __get_tpm2_devices() {
done done
} }
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() { _systemd_cryptenroll() {
local comps local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=( local -A OPTS=(
[STANDALONE]='-h --help --version [STANDALONE]='-h --help --version
--password --recovery-key' --password --recovery-key --list-devices'
[ARG]='--unlock-key-file [ARG]='--unlock-key-file
--unlock-fido2-device --unlock-fido2-device
--unlock-tpm2-device --unlock-tpm2-device
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
return 0 return 0
fi fi
comps=$(__get_block_devices) comps=$(systemd-cryptenroll --list-devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") ) COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0 return 0
} }

View File

@ -799,16 +799,20 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
continue; continue;
} }
char *path = strdup(e + 1); _cleanup_free_ char *path = strdup(e + 1);
if (!path) if (!path)
return -ENOMEM; return -ENOMEM;
/* Refuse cgroup paths from outside our cgroup namespace */
if (startswith(path, "/../"))
return -EUNATCH;
/* Truncate suffix indicating the process is a zombie */ /* Truncate suffix indicating the process is a zombie */
e = endswith(path, " (deleted)"); e = endswith(path, " (deleted)");
if (e) if (e)
*e = 0; *e = 0;
*ret_path = path; *ret_path = TAKE_PTR(path);
return 0; return 0;
} }
} }

View File

@ -21,7 +21,7 @@
#define AUTOFS_MIN_PROTO_VERSION 3 #define AUTOFS_MIN_PROTO_VERSION 3
#define AUTOFS_MAX_PROTO_VERSION 5 #define AUTOFS_MAX_PROTO_VERSION 5
#define AUTOFS_PROTO_SUBVERSION 5 #define AUTOFS_PROTO_SUBVERSION 6
/* /*
* The wait_queue_token (autofs_wqt_t) is part of a structure which is passed * The wait_queue_token (autofs_wqt_t) is part of a structure which is passed

View File

@ -1121,6 +1121,9 @@ enum bpf_attach_type {
#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE #define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
/* Add BPF_LINK_TYPE(type, name) in bpf_types.h to keep bpf_link_type_strs[]
* in sync with the definitions below.
*/
enum bpf_link_type { enum bpf_link_type {
BPF_LINK_TYPE_UNSPEC = 0, BPF_LINK_TYPE_UNSPEC = 0,
BPF_LINK_TYPE_RAW_TRACEPOINT = 1, BPF_LINK_TYPE_RAW_TRACEPOINT = 1,
@ -2851,7 +2854,7 @@ union bpf_attr {
* **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**, * **TCP_SYNCNT**, **TCP_USER_TIMEOUT**, **TCP_NOTSENT_LOWAT**,
* **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**, * **TCP_NODELAY**, **TCP_MAXSEG**, **TCP_WINDOW_CLAMP**,
* **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**, * **TCP_THIN_LINEAR_TIMEOUTS**, **TCP_BPF_DELACK_MAX**,
* **TCP_BPF_RTO_MIN**. * **TCP_BPF_RTO_MIN**, **TCP_BPF_SOCK_OPS_CB_FLAGS**.
* * **IPPROTO_IP**, which supports *optname* **IP_TOS**. * * **IPPROTO_IP**, which supports *optname* **IP_TOS**.
* * **IPPROTO_IPV6**, which supports the following *optname*\ s: * * **IPPROTO_IPV6**, which supports the following *optname*\ s:
* **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**. * **IPV6_TCLASS**, **IPV6_AUTOFLOWLABEL**.
@ -5519,11 +5522,12 @@ union bpf_attr {
* **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if * **-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
* invalid arguments are passed. * invalid arguments are passed.
* *
* void *bpf_kptr_xchg(void *map_value, void *ptr) * void *bpf_kptr_xchg(void *dst, void *ptr)
* Description * Description
* Exchange kptr at pointer *map_value* with *ptr*, and return the * Exchange kptr at pointer *dst* with *ptr*, and return the old value.
* old value. *ptr* can be NULL, otherwise it must be a referenced * *dst* can be map value or local kptr. *ptr* can be NULL, otherwise
* pointer which will be released when this helper is called. * it must be a referenced pointer which will be released when this helper
* is called.
* Return * Return
* The old value of kptr (which can be NULL). The returned pointer * The old value of kptr (which can be NULL). The returned pointer
* if not NULL, is a reference which must be released using its * if not NULL, is a reference which must be released using its
@ -6046,11 +6050,6 @@ enum {
BPF_F_MARK_ENFORCE = (1ULL << 6), BPF_F_MARK_ENFORCE = (1ULL << 6),
}; };
/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
enum {
BPF_F_INGRESS = (1ULL << 0),
};
/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */ /* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
enum { enum {
BPF_F_TUNINFO_IPV6 = (1ULL << 0), BPF_F_TUNINFO_IPV6 = (1ULL << 0),
@ -6197,10 +6196,12 @@ enum {
BPF_F_BPRM_SECUREEXEC = (1ULL << 0), BPF_F_BPRM_SECUREEXEC = (1ULL << 0),
}; };
/* Flags for bpf_redirect_map helper */ /* Flags for bpf_redirect and bpf_redirect_map helpers */
enum { enum {
BPF_F_BROADCAST = (1ULL << 3), BPF_F_INGRESS = (1ULL << 0), /* used for skb path */
BPF_F_EXCLUDE_INGRESS = (1ULL << 4), BPF_F_BROADCAST = (1ULL << 3), /* used for XDP path */
BPF_F_EXCLUDE_INGRESS = (1ULL << 4), /* used for XDP path */
#define BPF_F_REDIRECT_FLAGS (BPF_F_INGRESS | BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS)
}; };
#define __bpf_md_ptr(type, name) \ #define __bpf_md_ptr(type, name) \
@ -7080,6 +7081,7 @@ enum {
TCP_BPF_SYN = 1005, /* Copy the TCP header */ TCP_BPF_SYN = 1005, /* Copy the TCP header */
TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */ TCP_BPF_SYN_IP = 1006, /* Copy the IP[46] and TCP header */
TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */ TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */
TCP_BPF_SOCK_OPS_CB_FLAGS = 1008, /* Get or Set TCP sock ops flags */
}; };
enum { enum {
@ -7512,4 +7514,13 @@ struct bpf_iter_num {
__u64 __opaque[1]; __u64 __opaque[1];
} __attribute__((aligned(8))); } __attribute__((aligned(8)));
/*
* Flags to control BPF kfunc behaviour.
* - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective
* helper documentation for details.)
*/
enum bpf_kfunc_flags {
BPF_F_PAD_ZEROS = (1ULL << 0),
};
#endif /* __LINUX_BPF_H__ */ #endif /* __LINUX_BPF_H__ */

View File

@ -28,6 +28,23 @@
#define _BITUL(x) (_UL(1) << (x)) #define _BITUL(x) (_UL(1) << (x))
#define _BITULL(x) (_ULL(1) << (x)) #define _BITULL(x) (_ULL(1) << (x))
#if !defined(__ASSEMBLY__)
/*
* Missing __asm__ support
*
* __BIT128() would not work in the __asm__ code, as it shifts an
* 'unsigned __init128' data type as direct representation of
* 128 bit constants is not supported in the gcc compiler, as
* they get silently truncated.
*
* TODO: Please revisit this implementation when gcc compiler
* starts representing 128 bit constants directly like long
* and unsigned long etc. Subsequently drop the comment for
* GENMASK_U128() which would then start supporting __asm__ code.
*/
#define _BIT128(x) ((unsigned __int128)(1) << (x))
#endif
#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1) #define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (__typeof__(x))(a) - 1)
#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))

View File

@ -2531,4 +2531,20 @@ struct ethtool_link_settings {
* __u32 map_lp_advertising[link_mode_masks_nwords]; * __u32 map_lp_advertising[link_mode_masks_nwords];
*/ */
}; };
/**
* enum phy_upstream - Represents the upstream component a given PHY device
* is connected to, as in what is on the other end of the MII bus. Most PHYs
* will be attached to an Ethernet MAC controller, but in some cases, there's
* an intermediate PHY used as a media-converter, which will driver another
* MII interface as its output.
* @PHY_UPSTREAM_MAC: Upstream component is a MAC (a switch port,
* or ethernet controller)
* @PHY_UPSTREAM_PHY: Upstream component is a PHY (likely a media converter)
*/
enum phy_upstream {
PHY_UPSTREAM_MAC,
PHY_UPSTREAM_PHY,
};
#endif /* _LINUX_ETHTOOL_H */ #endif /* _LINUX_ETHTOOL_H */

View File

@ -67,6 +67,7 @@ enum {
FRA_IP_PROTO, /* ip proto */ FRA_IP_PROTO, /* ip proto */
FRA_SPORT_RANGE, /* sport */ FRA_SPORT_RANGE, /* sport */
FRA_DPORT_RANGE, /* dport */ FRA_DPORT_RANGE, /* dport */
FRA_DSCP, /* dscp */
__FRA_MAX __FRA_MAX
}; };

View File

@ -230,8 +230,8 @@ struct tpacket_hdr_v1 {
* ts_first_pkt: * ts_first_pkt:
* Is always the time-stamp when the block was opened. * Is always the time-stamp when the block was opened.
* Case a) ZERO packets * Case a) ZERO packets
* No packets to deal with but atleast you know the * No packets to deal with but at least you know
* time-interval of this block. * the time-interval of this block.
* Case b) Non-zero packets * Case b) Non-zero packets
* Use the ts of the first packet in the block. * Use the ts of the first packet in the block.
* *
@ -265,7 +265,8 @@ enum tpacket_versions {
- struct tpacket_hdr - struct tpacket_hdr
- pad to TPACKET_ALIGNMENT=16 - pad to TPACKET_ALIGNMENT=16
- struct sockaddr_ll - struct sockaddr_ll
- Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16 - Gap, chosen so that packet data (Start+tp_net) aligns to
TPACKET_ALIGNMENT=16
- Start+tp_mac: [ Optional MAC header ] - Start+tp_mac: [ Optional MAC header ]
- Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16. - Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
- Pad to align to TPACKET_ALIGNMENT=16 - Pad to align to TPACKET_ALIGNMENT=16

View File

@ -141,7 +141,7 @@ struct in_addr {
*/ */
#define IP_PMTUDISC_INTERFACE 4 #define IP_PMTUDISC_INTERFACE 4
/* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get /* weaker version of IP_PMTUDISC_INTERFACE, which allows packets to get
* fragmented if they exeed the interface mtu * fragmented if they exceed the interface mtu
*/ */
#define IP_PMTUDISC_OMIT 5 #define IP_PMTUDISC_OMIT 5

View File

@ -140,25 +140,6 @@
#endif /* _NETINET_IN_H */ #endif /* _NETINET_IN_H */
/* Coordinate with glibc netipx/ipx.h header. */
#if defined(__NETIPX_IPX_H)
#define __UAPI_DEF_SOCKADDR_IPX 0
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0
#define __UAPI_DEF_IPX_CONFIG_DATA 0
#define __UAPI_DEF_IPX_ROUTE_DEF 0
#else /* defined(__NETIPX_IPX_H) */
#define __UAPI_DEF_SOCKADDR_IPX 1
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
#define __UAPI_DEF_IPX_CONFIG_DATA 1
#define __UAPI_DEF_IPX_ROUTE_DEF 1
#endif /* defined(__NETIPX_IPX_H) */
/* Definitions for xattr.h */ /* Definitions for xattr.h */
#if defined(_SYS_XATTR_H) #if defined(_SYS_XATTR_H)
#define __UAPI_DEF_XATTR 0 #define __UAPI_DEF_XATTR 0
@ -240,23 +221,6 @@
#define __UAPI_DEF_IP6_MTUINFO 1 #define __UAPI_DEF_IP6_MTUINFO 1
#endif #endif
/* Definitions for ipx.h */
#ifndef __UAPI_DEF_SOCKADDR_IPX
#define __UAPI_DEF_SOCKADDR_IPX 1
#endif
#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
#endif
#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
#endif
#ifndef __UAPI_DEF_IPX_CONFIG_DATA
#define __UAPI_DEF_IPX_CONFIG_DATA 1
#endif
#ifndef __UAPI_DEF_IPX_ROUTE_DEF
#define __UAPI_DEF_IPX_ROUTE_DEF 1
#endif
/* Definitions for xattr.h */ /* Definitions for xattr.h */
#ifndef __UAPI_DEF_XATTR #ifndef __UAPI_DEF_XATTR
#define __UAPI_DEF_XATTR 1 #define __UAPI_DEF_XATTR 1

View File

@ -436,7 +436,7 @@ enum nft_set_elem_flags {
* @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data) * @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
* @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes) * @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
* @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32) * @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
* @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64) * @NFTA_SET_ELEM_TIMEOUT: timeout value, zero means never times out (NLA_U64)
* @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64) * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
* @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY) * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
* @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes) * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
@ -1694,7 +1694,7 @@ enum nft_flowtable_flags {
* *
* @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING) * @NFTA_FLOWTABLE_TABLE: name of the table containing the expression (NLA_STRING)
* @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING) * @NFTA_FLOWTABLE_NAME: name of this flow table (NLA_STRING)
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration (NLA_NESTED)
* @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
* @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64) * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
* @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32) * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)

View File

@ -16,10 +16,15 @@ struct nhmsg {
struct nexthop_grp { struct nexthop_grp {
__u32 id; /* nexthop id - must exist */ __u32 id; /* nexthop id - must exist */
__u8 weight; /* weight of this nexthop */ __u8 weight; /* weight of this nexthop */
__u8 resvd1; __u8 weight_high; /* high order bits of weight */
__u16 resvd2; __u16 resvd2;
}; };
static __inline__ __u16 nexthop_grp_weight(const struct nexthop_grp *entry)
{
return ((entry->weight_high << 8) | entry->weight) + 1;
}
enum { enum {
NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group NEXTHOP_GRP_TYPE_MPATH, /* hash-threshold nexthop group
* default type if not specified * default type if not specified
@ -33,6 +38,9 @@ enum {
#define NHA_OP_FLAG_DUMP_STATS BIT(0) #define NHA_OP_FLAG_DUMP_STATS BIT(0)
#define NHA_OP_FLAG_DUMP_HW_STATS BIT(1) #define NHA_OP_FLAG_DUMP_HW_STATS BIT(1)
/* Response OP_FLAGS. */
#define NHA_OP_FLAG_RESP_GRP_RESVD_0 BIT(31) /* Dump clears resvd fields. */
enum { enum {
NHA_UNSPEC, NHA_UNSPEC,
NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */ NHA_ID, /* u32; id for nexthop. id == 0 means auto-assign */

View File

@ -531,20 +531,24 @@ int is_idmapping_supported(const char *path) {
userns_fd = userns_acquire(uid_map, gid_map); userns_fd = userns_acquire(uid_map, gid_map);
if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd)) if (ERRNO_IS_NEG_NOT_SUPPORTED(userns_fd) || ERRNO_IS_NEG_PRIVILEGE(userns_fd))
return false; return false;
if (userns_fd == -ENOSPC) {
log_debug_errno(userns_fd, "Failed to acquire new user namespace, user.max_user_namespaces seems to be exhausted or maybe even zero, assuming ID-mapping is not supported: %m");
return false;
}
if (userns_fd < 0) if (userns_fd < 0)
return log_debug_errno(userns_fd, "ID-mapping supported namespace acquire failed for '%s' : %m", path); return log_debug_errno(userns_fd, "Failed to acquire new user namespace for checking if '%s' supports ID-mapping: %m", path);
dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW)); dir_fd = RET_NERRNO(open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd)) if (ERRNO_IS_NEG_NOT_SUPPORTED(dir_fd))
return false; return false;
if (dir_fd < 0) if (dir_fd < 0)
return log_debug_errno(dir_fd, "ID-mapping supported open failed for '%s' : %m", path); return log_debug_errno(dir_fd, "Failed to open '%s', cannot determine if ID-mapping is supported: %m", path);
mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC)); mount_fd = RET_NERRNO(open_tree(dir_fd, "", AT_EMPTY_PATH | OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC));
if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL) if (ERRNO_IS_NEG_NOT_SUPPORTED(mount_fd) || ERRNO_IS_NEG_PRIVILEGE(mount_fd) || mount_fd == -EINVAL)
return false; return false;
if (mount_fd < 0) if (mount_fd < 0)
return log_debug_errno(mount_fd, "ID-mapping supported open_tree failed for '%s' : %m", path); return log_debug_errno(mount_fd, "Failed to open mount tree '%s', cannot determine if ID-mapping is supported: %m", path);
r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH, r = RET_NERRNO(mount_setattr(mount_fd, "", AT_EMPTY_PATH,
&(struct mount_attr) { &(struct mount_attr) {
@ -554,7 +558,7 @@ int is_idmapping_supported(const char *path) {
if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL) if (ERRNO_IS_NEG_NOT_SUPPORTED(r) || ERRNO_IS_NEG_PRIVILEGE(r) || r == -EINVAL)
return false; return false;
if (r < 0) if (r < 0)
return log_debug_errno(r, "ID-mapping supported setattr failed for '%s' : %m", path); return log_debug_errno(r, "Failed to set mount attribute to '%s', cannot determine if ID-mapping is supported: %m", path);
return true; return true;
} }

View File

@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
_cleanup_free_ char *escaped = NULL, *comm = NULL; _cleanup_free_ char *escaped = NULL, *comm = NULL;
int r; int r;
assert(ret);
assert(pid >= 0); assert(pid >= 0);
assert(ret);
if (pid == 0 || pid == getpid_cached()) { if (pid == 0 || pid == getpid_cached()) {
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */ comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@ -143,6 +143,9 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_comm(pid->pid, &comm); r = pid_get_comm(pid->pid, &comm);
if (r < 0) if (r < 0)
return r; return r;
@ -289,6 +292,9 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline(pid->pid, max_columns, flags, &s); r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
if (r < 0) if (r < 0)
return r; return r;
@ -331,6 +337,9 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline_strv(pid->pid, flags, &args); r = pid_get_cmdline_strv(pid->pid, flags, &args);
if (r < 0) if (r < 0)
return r; return r;
@ -477,6 +486,9 @@ int pidref_is_kernel_thread(const PidRef *pid) {
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_kernel_thread(pid->pid); result = pid_is_kernel_thread(pid->pid);
if (result < 0) if (result < 0)
return result; return result;
@ -594,6 +606,9 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_uid(pid->pid, &uid); r = pid_get_uid(pid->pid, &uid);
if (r < 0) if (r < 0)
return r; return r;
@ -794,6 +809,9 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_start_time(pid->pid, ret ? &t : NULL); r = pid_get_start_time(pid->pid, ret ? &t : NULL);
if (r < 0) if (r < 0)
return r; return r;
@ -1093,6 +1111,9 @@ int pidref_is_my_child(const PidRef *pid) {
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_my_child(pid->pid); result = pid_is_my_child(pid->pid);
if (result < 0) if (result < 0)
return result; return result;
@ -1128,6 +1149,9 @@ int pidref_is_unwaited(const PidRef *pid) {
if (!pidref_is_set(pid)) if (!pidref_is_set(pid))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
if (pid->pid == 1 || pidref_is_self(pid)) if (pid->pid == 1 || pidref_is_self(pid))
return true; return true;
@ -1169,6 +1193,9 @@ int pidref_is_alive(const PidRef *pidref) {
if (!pidref_is_set(pidref)) if (!pidref_is_set(pidref))
return -ESRCH; return -ESRCH;
if (pidref_is_remote(pidref))
return -EREMOTE;
result = pid_is_alive(pidref->pid); result = pid_is_alive(pidref->pid);
if (result < 0) { if (result < 0) {
assert(result != -ESRCH); assert(result != -ESRCH);

View File

@ -220,9 +220,9 @@ static int synthesize_user_creds(
if (ret_gid) if (ret_gid)
*ret_gid = GID_NOBODY; *ret_gid = GID_NOBODY;
if (ret_home) if (ret_home)
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/"; *ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
if (ret_shell) if (ret_shell)
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN; *ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
return 0; return 0;
} }
@ -244,6 +244,7 @@ int get_user_creds(
assert(username); assert(username);
assert(*username); assert(*username);
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) || if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
(!ret_home && !ret_shell)) { (!ret_home && !ret_shell)) {
@ -315,17 +316,14 @@ int get_user_creds(
if (ret_home) if (ret_home)
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */ /* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) && *ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
(empty_or_root(p->pw_dir) || (FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
!path_is_valid(p->pw_dir) || ? NULL : p->pw_dir;
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
if (ret_shell) if (ret_shell)
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) && *ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
(isempty(p->pw_shell) || (FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
!path_is_valid(p->pw_shell) || ? NULL : p->pw_shell;
!path_is_absolute(p->pw_shell) ||
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
if (patch_username) if (patch_username)
*username = p->pw_name; *username = p->pw_name;

View File

@ -12,6 +12,8 @@
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h> #include <unistd.h>
#include "string-util.h"
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */ /* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
#define HOME_UID_MIN ((uid_t) 60001) #define HOME_UID_MIN ((uid_t) 60001)
#define HOME_UID_MAX ((uid_t) 60513) #define HOME_UID_MAX ((uid_t) 60513)
@ -36,10 +38,20 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
char* getlogname_malloc(void); char* getlogname_malloc(void);
char* getusername_malloc(void); char* getusername_malloc(void);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
bool is_nologin_shell(const char *shell);
static inline bool shell_is_placeholder(const char *shell) {
return isempty(shell) || is_nologin_shell(shell);
}
typedef enum UserCredsFlags { typedef enum UserCredsFlags {
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */ USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */ USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */ USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
} UserCredsFlags; } UserCredsFlags;
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags); int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
@ -125,10 +137,6 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
int putsgent_sane(const struct sgrp *sg, FILE *stream); int putsgent_sane(const struct sgrp *sg, FILE *stream);
#endif #endif
bool is_nologin_shell(const char *shell);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
int is_this_me(const char *username); int is_this_me(const char *username);
const char* get_home_root(void); const char* get_home_root(void);

View File

@ -21,6 +21,11 @@
#include "smbios.h" #include "smbios.h"
#include "util.h" #include "util.h"
/* Validate the descriptor macros a bit that they match our expectations */
assert_cc(DEVICE_DESCRIPTOR_DEVICETREE == UINT32_C(0x1000001C));
assert_cc(DEVICE_SIZE_FROM_DESCRIPTOR(DEVICE_DESCRIPTOR_DEVICETREE) == sizeof(Device));
assert_cc(DEVICE_TYPE_FROM_DESCRIPTOR(DEVICE_DESCRIPTOR_DEVICETREE) == DEVICE_TYPE_DEVICETREE);
/** /**
* smbios_to_hashable_string() - Convert ascii smbios string to stripped char16_t. * smbios_to_hashable_string() - Convert ascii smbios string to stripped char16_t.
*/ */
@ -105,9 +110,10 @@ EFI_STATUS chid_match(const void *hwid_buffer, size_t hwid_length, const Device
/* Count devices and check validity */ /* Count devices and check validity */
for (; (n_devices + 1) * sizeof(*devices) < hwid_length;) { for (; (n_devices + 1) * sizeof(*devices) < hwid_length;) {
if (devices[n_devices].struct_size == 0)
if (devices[n_devices].descriptor == DEVICE_DESCRIPTOR_EOL)
break; break;
if (devices[n_devices].struct_size != sizeof(*devices)) if (devices[n_devices].descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
n_devices++; n_devices++;
} }

View File

@ -2,22 +2,63 @@
#pragma once #pragma once
#include "efi.h" #include "efi.h"
#include "chid-fundamental.h" #include "chid-fundamental.h"
/* A .hwids PE section consists of a series of 'Device' structures. A 'Device' structure binds a CHID to some
* resource, for now only Devicetree blobs. Designed to be extensible to other types of resources, should the
* need arise. The series of 'Device' structures is followed by some space for strings that can be referenced
* by offset by the Device structures. */
enum {
DEVICE_TYPE_DEVICETREE = 0x1, /* A devicetree blob */
/* Maybe later additional types for:
* - CoCo Bring-Your-Own-Firmware
* - ACPI DSDT Overrides
* - */
};
#define DEVICE_SIZE_FROM_DESCRIPTOR(u) ((uint32_t) (u) & UINT32_C(0x0FFFFFFF))
#define DEVICE_TYPE_FROM_DESCRIPTOR(u) ((uint32_t) (u) >> 28)
#define DEVICE_MAKE_DESCRIPTOR(type, size) (((uint32_t) (size) | ((uint32_t) type << 28)))
#define DEVICE_DESCRIPTOR_DEVICETREE DEVICE_MAKE_DESCRIPTOR(DEVICE_TYPE_DEVICETREE, sizeof(Device))
#define DEVICE_DESCRIPTOR_EOL UINT32_C(0)
typedef struct Device { typedef struct Device {
uint32_t struct_size; /* = sizeof(struct Device), or 0 for EOL */ uint32_t descriptor; /* The highest four bit encode the type of entry, the other 28 bit encode the
uint32_t name_offset; /* nul-terminated string or 0 if not present */ * size of the structure. Use the macros above to generate or take apart this
uint32_t compatible_offset; /* nul-terminated string or 0 if not present */ * field. */
EFI_GUID chid; EFI_GUID chid;
union {
struct {
/* These offsets are relative to the beginning of the .hwids PE section. */
uint32_t name_offset; /* nul-terminated string or 0 if not present */
uint32_t compatible_offset; /* nul-terminated string or 0 if not present */
} devicetree;
/* fields for other descriptor types… */
};
} _packed_ Device; } _packed_ Device;
/* Validate some offset, since the structure is API and src/ukify/ukify.py encodes them directly */
assert_cc(offsetof(Device, descriptor) == 0);
assert_cc(offsetof(Device, chid) == 4);
assert_cc(offsetof(Device, devicetree.name_offset) == 20);
assert_cc(offsetof(Device, devicetree.compatible_offset) == 24);
assert_cc(sizeof(Device) == 28);
static inline const char* device_get_name(const void *base, const Device *device) { static inline const char* device_get_name(const void *base, const Device *device) {
return device->name_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->name_offset); if (device->descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return NULL;
return device->devicetree.name_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->devicetree.name_offset);
} }
static inline const char* device_get_compatible(const void *base, const Device *device) { static inline const char* device_get_compatible(const void *base, const Device *device) {
return device->compatible_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->compatible_offset); if (device->descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return NULL;
return device->devicetree.compatible_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->devicetree.compatible_offset);
} }
EFI_STATUS chid_match(const void *chids_buffer, size_t chids_length, const Device **ret_device); EFI_STATUS chid_match(const void *chids_buffer, size_t chids_length, const Device **ret_device);

View File

@ -100,6 +100,13 @@ static inline Pages xmalloc_pages(
} }
static inline Pages xmalloc_initrd_pages(size_t n_pages) { static inline Pages xmalloc_initrd_pages(size_t n_pages) {
/* The original native x86 boot protocol of the Linux kernel was not 64bit safe, hence we allocate
* memory for the initrds below the 4G boundary on x86, since we don't know early enough which
* protocol we'll use to ultimately boot the kernel. This restriction is somewhat obsolete, since
* these days we generally prefer the kernel's newer EFI entrypoint instead, which has no such
* limitations. On other architectures we do not bother with any restriction on this, in particular
* as some of them don't even have RAM mapped to such low addresses. */
#if defined(__i386__) || defined(__x86_64__) #if defined(__i386__) || defined(__x86_64__)
return xmalloc_pages( return xmalloc_pages(
AllocateMaxAddress, AllocateMaxAddress,

View File

@ -299,7 +299,6 @@ static const char *const esp_subdirs[] = {
"EFI/BOOT", "EFI/BOOT",
"loader", "loader",
"loader/keys", "loader/keys",
"loader/keys/auto",
NULL NULL
}; };
@ -615,6 +614,10 @@ static int install_secure_boot_auto_enroll(const char *esp, X509 *certificate, E
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert X.509 certificate to DER: %s", return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert X.509 certificate to DER: %s",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
r = mkdir_one(esp, "loader/keys/auto");
if (r < 0)
return r;
_cleanup_close_ int keys_fd = chase_and_open("loader/keys/auto", esp, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, O_DIRECTORY, NULL); _cleanup_close_ int keys_fd = chase_and_open("loader/keys/auto", esp, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, O_DIRECTORY, NULL);
if (keys_fd < 0) if (keys_fd < 0)
return log_error_errno(keys_fd, "Failed to chase loader/keys/auto in the ESP: %m"); return log_error_errno(keys_fd, "Failed to chase loader/keys/auto in the ESP: %m");
@ -1287,6 +1290,10 @@ int verb_remove(int argc, char *argv[], void *userdata) {
r = q; r = q;
} }
q = rmdir_one(arg_esp_path, "/loader/keys/auto");
if (q < 0 && r >= 0)
r = q;
q = remove_subdirs(arg_esp_path, esp_subdirs); q = remove_subdirs(arg_esp_path, esp_subdirs);
if (q < 0 && r >= 0) if (q < 0 && r >= 0)
r = q; r = q;

View File

@ -855,9 +855,6 @@ static int get_fixed_user(
assert(user_or_uid); assert(user_or_uid);
assert(ret_username); assert(ret_username);
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN); r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
if (r < 0) if (r < 0)
return r; return r;
@ -1883,7 +1880,10 @@ static int build_environment(
} }
} }
if (home && set_user_login_env) { /* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
if (home && set_user_login_env && !empty_or_root(home)) {
x = strjoin("HOME=", home); x = strjoin("HOME=", home);
if (!x) if (!x)
return -ENOMEM; return -ENOMEM;
@ -1892,7 +1892,7 @@ static int build_environment(
our_env[n_env++] = x; our_env[n_env++] = x;
} }
if (shell && set_user_login_env) { if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
x = strjoin("SHELL=", shell); x = strjoin("SHELL=", shell);
if (!x) if (!x)
return -ENOMEM; return -ENOMEM;
@ -3471,20 +3471,16 @@ static int apply_working_directory(
const ExecContext *context, const ExecContext *context,
const ExecParameters *params, const ExecParameters *params,
ExecRuntime *runtime, ExecRuntime *runtime,
const char *home, const char *home) {
int *exit_status) {
const char *wd; const char *wd;
int r; int r;
assert(context); assert(context);
assert(exit_status);
if (context->working_directory_home) { if (context->working_directory_home) {
if (!home) { if (!home)
*exit_status = EXIT_CHDIR;
return -ENXIO; return -ENXIO;
}
wd = home; wd = home;
} else } else
@ -3503,13 +3499,7 @@ static int apply_working_directory(
if (r >= 0) if (r >= 0)
r = RET_NERRNO(fchdir(dfd)); r = RET_NERRNO(fchdir(dfd));
} }
return context->working_directory_missing_ok ? 0 : r;
if (r < 0 && !context->working_directory_missing_ok) {
*exit_status = EXIT_CHDIR;
return r;
}
return 0;
} }
static int apply_root_directory( static int apply_root_directory(
@ -3785,7 +3775,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
if (!c->working_directory_home) if (!c->working_directory_home)
return 0; return 0;
if (c->dynamic_user) if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
return -EADDRNOTAVAIL; return -EADDRNOTAVAIL;
r = get_home_dir(ret_buf); r = get_home_dir(ret_buf);
@ -4543,7 +4533,7 @@ int exec_invoke(
r = acquire_home(context, &home, &home_buffer); r = acquire_home(context, &home, &home_buffer);
if (r < 0) { if (r < 0) {
*exit_status = EXIT_CHDIR; *exit_status = EXIT_CHDIR;
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m"); return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
} }
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */ /* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
@ -5382,9 +5372,11 @@ int exec_invoke(
* running this service might have the correct privilege to change to the working directory. Also, it * running this service might have the correct privilege to change to the working directory. Also, it
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that * is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
* the cwd cannot be used to pin directories outside of the sandbox. */ * the cwd cannot be used to pin directories outside of the sandbox. */
r = apply_working_directory(context, params, runtime, home, exit_status); r = apply_working_directory(context, params, runtime, home);
if (r < 0) if (r < 0) {
*exit_status = EXIT_CHDIR;
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m"); return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
}
if (needs_sandboxing) { if (needs_sandboxing) {
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to /* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to

View File

@ -1689,6 +1689,11 @@ static int become_shutdown(int objective, int retval) {
/* Tell the binary how often to ping, ignore failure */ /* Tell the binary how often to ping, ignore failure */
(void) strv_extendf(&env_block, "WATCHDOG_USEC="USEC_FMT, watchdog_timer); (void) strv_extendf(&env_block, "WATCHDOG_USEC="USEC_FMT, watchdog_timer);
/* Make sure that tools that look for $WATCHDOG_USEC (and might get started by the exitrd) don't get
* confused by the variable, because the sd_watchdog_enabled() protocol uses the same variable for
* the same purposes. */
(void) strv_extendf(&env_block, "WATCHDOG_PID=" PID_FMT, getpid_cached());
if (arg_watchdog_device) if (arg_watchdog_device)
(void) strv_extendf(&env_block, "WATCHDOG_DEVICE=%s", arg_watchdog_device); (void) strv_extendf(&env_block, "WATCHDOG_DEVICE=%s", arg_watchdog_device);

View File

@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0; return 0;
} }
r = service_add_fd_store(s, fd, fdn, do_poll); r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
if (r < 0) { if (r < 0) {
log_unit_debug_errno(u, r, log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn); "Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0; return 0;
} }
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) { } else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL; _cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF; _cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ int enroll_fido2(
fflush(stdout); fflush(stdout);
fprintf(stderr, fprintf(stderr,
"\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n" "\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
"using the associated FIDO2 keyslot which we just created. To configure automatic\n" "using the associated FIDO2 keyslot which we just created. To configure automatic\n"
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n" "unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
"file, see %s for details.\n", link); "file, see %s for details.\n", link);

View File

@ -427,7 +427,10 @@ int wipe_slots(struct crypt_device *cd,
for (size_t i = n_ordered_slots; i > 0; i--) { for (size_t i = n_ordered_slots; i > 0; i--) {
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]); r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
if (r < 0) { if (r < 0) {
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]); if (r == -ENOENT)
log_warning_errno(r, "Failed to wipe non-existent slot %i, continuing.", ordered_slots[i - 1]);
else
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
if (ret == 0) if (ret == 0)
ret = r; ret = r;
} else } else

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n" "\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n" " --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n" " --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS11 Enrollment:%4$s\n" "\n%3$sPKCS#11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n" " --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n" " Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n" "\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -98,16 +98,11 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
} }
} }
#if HAVE_SYSV_COMPAT else if (streq(key, "fastboot") && !value)
else if (streq(key, "fastboot") && !value) {
log_warning("Please pass 'fsck.mode=skip' rather than 'fastboot' on the kernel command line.");
arg_skip = true; arg_skip = true;
} else if (streq(key, "forcefsck") && !value) { else if (streq(key, "forcefsck") && !value)
log_warning("Please pass 'fsck.mode=force' rather than 'forcefsck' on the kernel command line.");
arg_force = true; arg_force = true;
}
#endif
return 0; return 0;
} }

View File

@ -750,7 +750,7 @@ static int ndisc_option_parse_route(Set **options, size_t offset, size_t len, co
usec_t lifetime = unaligned_be32_sec_to_usec(opt + 4, /* max_as_infinity = */ true); usec_t lifetime = unaligned_be32_sec_to_usec(opt + 4, /* max_as_infinity = */ true);
struct in6_addr prefix; struct in6_addr prefix;
memcpy(&prefix, opt + 8, len - 8); memcpy_safe(&prefix, opt + 8, len - 8);
in6_addr_mask(&prefix, prefixlen); in6_addr_mask(&prefix, prefixlen);
return ndisc_option_add_route(options, offset, preference, prefixlen, &prefix, lifetime); return ndisc_option_add_route(options, offset, preference, prefixlen, &prefix, lifetime);

View File

@ -1033,12 +1033,14 @@ global:
sd_varlink_server_listen_fd; sd_varlink_server_listen_fd;
sd_varlink_server_loop_auto; sd_varlink_server_loop_auto;
sd_varlink_server_new; sd_varlink_server_new;
sd_varlink_server_ref;
sd_varlink_server_set_connections_max; sd_varlink_server_set_connections_max;
sd_varlink_server_set_connections_per_uid_max; sd_varlink_server_set_connections_per_uid_max;
sd_varlink_server_set_description; sd_varlink_server_set_description;
sd_varlink_server_set_exit_on_idle; sd_varlink_server_set_exit_on_idle;
sd_varlink_server_set_userdata; sd_varlink_server_set_userdata;
sd_varlink_server_shutdown; sd_varlink_server_shutdown;
sd_varlink_server_unref;
sd_varlink_set_allow_fd_passing_input; sd_varlink_set_allow_fd_passing_input;
sd_varlink_set_allow_fd_passing_output; sd_varlink_set_allow_fd_passing_output;
sd_varlink_set_description; sd_varlink_set_description;

View File

@ -3265,7 +3265,7 @@ static sd_varlink_server* varlink_server_destroy(sd_varlink_server *s) {
return mfree(s); return mfree(s);
} }
DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy); DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
static int validate_connection(sd_varlink_server *server, const struct ucred *ucred) { static int validate_connection(sd_varlink_server *server, const struct ucred *ucred) {
int allowed = -1; int allowed = -1;

View File

@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
int pidfd = sd_varlink_get_peer_pidfd(v); int pidfd = sd_varlink_get_peer_pidfd(v);
if (pidfd < 0) { if (pidfd < 0) {
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd)) if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
return pidfd; return pidfd;
pid_t pid; pid_t pid;

View File

@ -101,18 +101,19 @@ static int help(int argc, char *argv[], void *userdata) {
" -j Same as --json=pretty on tty, --json=short otherwise\n" " -j Same as --json=pretty on tty, --json=short otherwise\n"
" --append=PATH Load specified JSON signature, and append new signature to it\n" " --append=PATH Load specified JSON signature, and append new signature to it\n"
"\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n" "\n%3$sUKI PE Section Options:%4$s %3$sUKI PE Section%4$s\n"
" --linux=PATH Path to Linux kernel image file %7$s .linux\n" " --linux=PATH Path to Linux kernel image file %7$s .linux\n"
" --osrel=PATH Path to os-release file %7$s .osrel\n" " --osrel=PATH Path to os-release file %7$s .osrel\n"
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n" " --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
" --initrd=PATH Path to initrd image file %7$s .initrd\n" " --initrd=PATH Path to initrd image file %7$s .initrd\n"
" --ucode=PATH Path to microcode image file %7$s .ucode\n" " --ucode=PATH Path to microcode image file %7$s .ucode\n"
" --splash=PATH Path to splash bitmap file %7$s .splash\n" " --splash=PATH Path to splash bitmap file %7$s .splash\n"
" --dtb=PATH Path to DeviceTree file %7$s .dtb\n" " --dtb=PATH Path to DeviceTree file %7$s .dtb\n"
" --uname=PATH Path to 'uname -r' file %7$s .uname\n" " --dtbauto=PATH Path to DeviceTree file for auto selection %7$s .dtbauto\n"
" --sbat=PATH Path to SBAT file %7$s .sbat\n" " --uname=PATH Path to 'uname -r' file %7$s .uname\n"
" --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n" " --sbat=PATH Path to SBAT file %7$s .sbat\n"
" --profile=PATH Path to profile file %7$s .profile\n" " --pcrpkey=PATH Path to public key for PCR signatures %7$s .pcrpkey\n"
" --hwids=PATH Path to HWIDs file %7$s .hwids\n" " --profile=PATH Path to profile file %7$s .profile\n"
" --hwids=PATH Path to HWIDs file %7$s .hwids\n"
"\nSee the %2$s for details.\n", "\nSee the %2$s for details.\n",
program_invocation_short_name, program_invocation_short_name,
link, link,

View File

@ -642,7 +642,7 @@ static bool netdev_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_add
if (hw_addr_equal(&link->hw_addr, hw_addr)) if (hw_addr_equal(&link->hw_addr, hw_addr))
return false; /* Unchanged, not necessary to set. */ return false; /* Unchanged, not necessary to set. */
/* Soem netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan. /* Some netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan.
* Some other netdevs have the IFF_LIVE_ADDR_CHANGE flag and can update update MAC address even if * Some other netdevs have the IFF_LIVE_ADDR_CHANGE flag and can update update MAC address even if
* the interface is running, e.g. dummy. For those cases, use custom checkers. */ * the interface is running, e.g. dummy. For those cases, use custom checkers. */
if (NETDEV_VTABLE(netdev)->can_set_mac) if (NETDEV_VTABLE(netdev)->can_set_mac)

View File

@ -1443,6 +1443,7 @@ int link_reconfigure_impl(Link *link, LinkReconfigurationFlag flags) {
} }
typedef struct LinkReconfigurationData { typedef struct LinkReconfigurationData {
Manager *manager;
Link *link; Link *link;
LinkReconfigurationFlag flags; LinkReconfigurationFlag flags;
sd_bus_message *message; sd_bus_message *message;
@ -1473,6 +1474,12 @@ static void link_reconfiguration_data_destroy_callback(LinkReconfigurationData *
} }
if (!data->counter || *data->counter <= 0) { if (!data->counter || *data->counter <= 0) {
/* Update the state files before replying the bus method. Otherwise,
* systemd-networkd-wait-online following networkctl reload/reconfigure may read an
* outdated state file and wrongly handle an interface is already in the configured
* state. */
(void) manager_clean_all(data->manager);
r = sd_bus_reply_method_return(data->message, NULL); r = sd_bus_reply_method_return(data->message, NULL);
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m"); log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m");
@ -1521,6 +1528,7 @@ int link_reconfigure_full(Link *link, LinkReconfigurationFlag flags, sd_bus_mess
} }
*data = (LinkReconfigurationData) { *data = (LinkReconfigurationData) {
.manager = link->manager,
.link = link_ref(link), .link = link_ref(link),
.flags = flags, .flags = flags,
.message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */ .message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */

View File

@ -1610,7 +1610,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
return 0; return 0;
} }
static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
uint8_t flags, prefixlen; uint8_t flags, prefixlen;
struct in6_addr a; struct in6_addr a;
int r; int r;
@ -1619,6 +1619,14 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
assert(link->network); assert(link->network);
assert(rt); assert(rt);
usec_t lifetime_usec;
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_usec);
if (r < 0)
return log_link_warning_errno(link, r, "Failed to get prefix lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_prefix_get_address(rt, &a); r = sd_ndisc_router_prefix_get_address(rt, &a);
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get prefix address: %m"); return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
@ -1664,7 +1672,7 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
return 0; return 0;
} }
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
_cleanup_(route_unrefp) Route *route = NULL; _cleanup_(route_unrefp) Route *route = NULL;
uint8_t preference, prefixlen; uint8_t preference, prefixlen;
struct in6_addr gateway, dst; struct in6_addr gateway, dst;
@ -1680,6 +1688,9 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get route lifetime from RA: %m"); return log_link_warning_errno(link, r, "Failed to get route lifetime from RA: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_route_get_address(rt, &dst); r = sd_ndisc_router_route_get_address(rt, &dst);
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get route destination address: %m"); return log_link_warning_errno(link, r, "Failed to get route destination address: %m");
@ -1712,10 +1723,6 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
} }
r = sd_ndisc_router_route_get_preference(rt, &preference); r = sd_ndisc_router_route_get_preference(rt, &preference);
if (r == -EOPNOTSUPP) {
log_link_debug_errno(link, r, "Received route prefix with unsupported preference, ignoring: %m");
return 0;
}
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m"); return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
@ -1759,7 +1766,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_rdnss_compare_func, ndisc_rdnss_compare_func,
free); free);
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
usec_t lifetime_usec; usec_t lifetime_usec;
const struct in6_addr *a; const struct in6_addr *a;
struct in6_addr router; struct in6_addr router;
@ -1781,6 +1788,9 @@ static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m"); return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
n = sd_ndisc_router_rdnss_get_addresses(rt, &a); n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
if (n < 0) if (n < 0)
return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m"); return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
@ -1851,7 +1861,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_dnssl_compare_func, ndisc_dnssl_compare_func,
free); free);
static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
char **l; char **l;
usec_t lifetime_usec; usec_t lifetime_usec;
struct in6_addr router; struct in6_addr router;
@ -1873,6 +1883,9 @@ static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get DNSSL lifetime: %m"); return log_link_warning_errno(link, r, "Failed to get DNSSL lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_dnssl_get_domains(rt, &l); r = sd_ndisc_router_dnssl_get_domains(rt, &l);
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get DNSSL addresses: %m"); return log_link_warning_errno(link, r, "Failed to get DNSSL addresses: %m");
@ -1953,7 +1966,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_captive_portal_compare_func, ndisc_captive_portal_compare_func,
ndisc_captive_portal_free); ndisc_captive_portal_free);
static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
_cleanup_(ndisc_captive_portal_freep) NDiscCaptivePortal *new_entry = NULL; _cleanup_(ndisc_captive_portal_freep) NDiscCaptivePortal *new_entry = NULL;
_cleanup_free_ char *captive_portal = NULL; _cleanup_free_ char *captive_portal = NULL;
const char *uri; const char *uri;
@ -1980,6 +1993,9 @@ static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt)
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m"); return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_get_captive_portal(rt, &uri); r = sd_ndisc_router_get_captive_portal(rt, &uri);
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get captive portal from RA: %m"); return log_link_warning_errno(link, r, "Failed to get captive portal from RA: %m");
@ -2068,7 +2084,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
ndisc_pref64_compare_func, ndisc_pref64_compare_func,
mfree); mfree);
static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
_cleanup_free_ NDiscPREF64 *new_entry = NULL; _cleanup_free_ NDiscPREF64 *new_entry = NULL;
usec_t lifetime_usec; usec_t lifetime_usec;
struct in6_addr a, router; struct in6_addr a, router;
@ -2099,6 +2115,9 @@ static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get pref64 prefix lifetime: %m"); return log_link_warning_errno(link, r, "Failed to get pref64 prefix lifetime: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
if (lifetime_usec == 0) { if (lifetime_usec == 0) {
free(set_remove(link->ndisc_pref64, free(set_remove(link->ndisc_pref64,
&(NDiscPREF64) { &(NDiscPREF64) {
@ -2217,7 +2236,7 @@ static int sd_dns_resolver_copy(const sd_dns_resolver *a, sd_dns_resolver *b) {
return 0; return 0;
} }
static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
int r; int r;
assert(link); assert(link);
@ -2240,6 +2259,9 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m"); return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
if ((lifetime_usec == 0) != zero_lifetime)
return 0;
r = sd_ndisc_router_encrypted_dns_get_resolver(rt, &res); r = sd_ndisc_router_encrypted_dns_get_resolver(rt, &res);
if (r < 0) if (r < 0)
return log_link_warning_errno(link, r, "Failed to get encrypted dns resolvers: %m"); return log_link_warning_errno(link, r, "Failed to get encrypted dns resolvers: %m");
@ -2292,7 +2314,7 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt) {
return 0; return 0;
} }
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) { static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
size_t n_captive_portal = 0; size_t n_captive_portal = 0;
int r; int r;
@ -2314,19 +2336,19 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
switch (type) { switch (type) {
case SD_NDISC_OPTION_PREFIX_INFORMATION: case SD_NDISC_OPTION_PREFIX_INFORMATION:
r = ndisc_router_process_prefix(link, rt); r = ndisc_router_process_prefix(link, rt, zero_lifetime);
break; break;
case SD_NDISC_OPTION_ROUTE_INFORMATION: case SD_NDISC_OPTION_ROUTE_INFORMATION:
r = ndisc_router_process_route(link, rt); r = ndisc_router_process_route(link, rt, zero_lifetime);
break; break;
case SD_NDISC_OPTION_RDNSS: case SD_NDISC_OPTION_RDNSS:
r = ndisc_router_process_rdnss(link, rt); r = ndisc_router_process_rdnss(link, rt, zero_lifetime);
break; break;
case SD_NDISC_OPTION_DNSSL: case SD_NDISC_OPTION_DNSSL:
r = ndisc_router_process_dnssl(link, rt); r = ndisc_router_process_dnssl(link, rt, zero_lifetime);
break; break;
case SD_NDISC_OPTION_CAPTIVE_PORTAL: case SD_NDISC_OPTION_CAPTIVE_PORTAL:
if (n_captive_portal > 0) { if (n_captive_portal > 0) {
@ -2336,15 +2358,15 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
n_captive_portal++; n_captive_portal++;
continue; continue;
} }
r = ndisc_router_process_captive_portal(link, rt); r = ndisc_router_process_captive_portal(link, rt, zero_lifetime);
if (r > 0) if (r > 0)
n_captive_portal++; n_captive_portal++;
break; break;
case SD_NDISC_OPTION_PREF64: case SD_NDISC_OPTION_PREF64:
r = ndisc_router_process_pref64(link, rt); r = ndisc_router_process_pref64(link, rt, zero_lifetime);
break; break;
case SD_NDISC_OPTION_ENCRYPTED_DNS: case SD_NDISC_OPTION_ENCRYPTED_DNS:
r = ndisc_router_process_encrypted_dns(link, rt); r = ndisc_router_process_encrypted_dns(link, rt, zero_lifetime);
break; break;
} }
if (r < 0 && r != -EBADMSG) if (r < 0 && r != -EBADMSG)
@ -2652,10 +2674,6 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return r; return r;
r = ndisc_router_process_default(link, rt);
if (r < 0)
return r;
r = ndisc_router_process_reachable_time(link, rt); r = ndisc_router_process_reachable_time(link, rt);
if (r < 0) if (r < 0)
return r; return r;
@ -2672,7 +2690,15 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
if (r < 0) if (r < 0)
return r; return r;
r = ndisc_router_process_options(link, rt); r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ true);
if (r < 0)
return r;
r = ndisc_router_process_default(link, rt);
if (r < 0)
return r;
r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ false);
if (r < 0) if (r < 0)
return r; return r;

View File

@ -968,7 +968,7 @@ static void nexthop_forget_one(NextHop *nexthop) {
Request *req; Request *req;
if (nexthop_get_request_by_id(nexthop->manager, nexthop->id, &req) >= 0) if (nexthop_get_request_by_id(nexthop->manager, nexthop->id, &req) >= 0)
route_enter_removed(req->userdata); nexthop_enter_removed(req->userdata);
nexthop_enter_removed(nexthop); nexthop_enter_removed(nexthop);
log_nexthop_debug(nexthop, "Forgetting silently removed", nexthop->manager); log_nexthop_debug(nexthop, "Forgetting silently removed", nexthop->manager);

View File

@ -50,6 +50,7 @@ static int add_syscall_filters(
{ CAP_IPC_LOCK, "@memlock" }, { CAP_IPC_LOCK, "@memlock" },
/* Plus a good set of additional syscalls which are not part of any of the groups above */ /* Plus a good set of additional syscalls which are not part of any of the groups above */
{ 0, "arm_fadvise64_64" },
{ 0, "brk" }, { 0, "brk" },
{ 0, "capget" }, { 0, "capget" },
{ 0, "capset" }, { 0, "capset" },

View File

@ -477,7 +477,8 @@ static int custom_mount_check_all(void) {
if (path_equal(m->destination, "/") && arg_userns_mode != USER_NAMESPACE_NO) { if (path_equal(m->destination, "/") && arg_userns_mode != USER_NAMESPACE_NO) {
if (arg_userns_ownership != USER_NAMESPACE_OWNERSHIP_OFF) if (arg_userns_ownership != USER_NAMESPACE_OWNERSHIP_OFF)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"--private-users-ownership=own may not be combined with custom root mounts."); "--private-users-ownership=%s may not be combined with custom root mounts.",
user_namespace_ownership_to_string(arg_userns_ownership));
if (arg_uid_shift == UID_INVALID) if (arg_uid_shift == UID_INVALID)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"--private-users with automatic UID shift may not be combined with custom root mounts."); "--private-users with automatic UID shift may not be combined with custom root mounts.");
@ -2279,10 +2280,9 @@ static int copy_devnode_one(const char *dest, const char *node, bool ignore_mkno
r = path_extract_directory(from, &parent); r = path_extract_directory(from, &parent);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to extract directory from %s: %m", from); return log_error_errno(r, "Failed to extract directory from %s: %m", from);
if (!path_equal(parent, "/dev/")) { r = userns_mkdir(dest, parent, 0755, 0, 0);
if (userns_mkdir(dest, parent, 0755, 0, 0) < 0) if (r < 0)
return log_error_errno(r, "Failed to create directory %s: %m", parent); return log_error_errno(r, "Failed to create directory %s: %m", parent);
}
if (mknod(to, st.st_mode, st.st_rdev) < 0) { if (mknod(to, st.st_mode, st.st_rdev) < 0) {
r = -errno; /* Save the original error code. */ r = -errno; /* Save the original error code. */
@ -4653,7 +4653,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r
ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred);
if (!ucred || ucred->pid != inner_child_pid) { if (!ucred || ucred->pid != inner_child_pid) {
log_debug("Received notify message without valid credentials. Ignoring."); log_debug("Received notify message from process that is not the payload's PID 1. Ignoring.");
return 0; return 0;
} }

View File

@ -36,14 +36,9 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
arg_skip = true; arg_skip = true;
else else
log_warning("Invalid quotacheck.mode= value, ignoring: %s", value); log_warning("Invalid quotacheck.mode= value, ignoring: %s", value);
}
#if HAVE_SYSV_COMPAT } else if (streq(key, "forcequotacheck") && !value)
else if (streq(key, "forcequotacheck") && !value) {
log_warning("Please use 'quotacheck.mode=force' rather than 'forcequotacheck' on the kernel command line. Proceeding anyway.");
arg_force = true; arg_force = true;
}
#endif
return 0; return 0;
} }

View File

@ -2297,7 +2297,8 @@ static int start_transient_scope(sd_bus *bus) {
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell, USER_CREDS_CLEAN|USER_CREDS_PREFER_NSS); r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
if (r < 0) if (r < 0)
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user); return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);

View File

@ -46,13 +46,17 @@ static bool argv_has_at(pid_t pid) {
return c == '@'; return c == '@';
} }
static bool is_survivor_cgroup(const PidRef *pid) { static bool is_in_survivor_cgroup(const PidRef *pid) {
_cleanup_free_ char *cgroup_path = NULL; _cleanup_free_ char *cgroup_path = NULL;
int r; int r;
assert(pidref_is_set(pid)); assert(pidref_is_set(pid));
r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path); r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
if (r == -EUNATCH) {
log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
return true;
}
if (r < 0) { if (r < 0) {
log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid); log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
return false; return false;
@ -86,7 +90,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
return true; /* also ignore processes where we can't determine this */ return true; /* also ignore processes where we can't determine this */
/* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */ /* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
if (is_survivor_cgroup(pid)) if (is_in_survivor_cgroup(pid))
return true; return true;
r = pidref_get_uid(pid, &uid); r = pidref_get_uid(pid, &uid);

View File

@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret); int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret); int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags); int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
/* Default to PCR 7 only */ /* Default to PCR 7 only */
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7) #define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)

View File

@ -28,21 +28,28 @@ const char* user_record_state_color(const char *state) {
return NULL; return NULL;
} }
static void dump_self_modifiable(const char *heading, char **field, const char **value) { static void dump_self_modifiable(
const char *heading,
char **field,
const char **value) {
assert(heading); assert(heading);
/* Helper function for printing the various self_modifiable_* fields from the user record */ /* Helper function for printing the various self_modifiable_* fields from the user record */
if (strv_isempty((char**) value)) if (!value)
/* Case 1: the array is explicitly set to be empty by the administrator */ /* Case 1: no value is set and no default either */
printf("%13s %sDisabled by Administrator%s\n", heading, ansi_highlight_red(), ansi_normal()); printf("%13s %snone%s\n", heading, ansi_highlight(), ansi_normal());
else if (strv_isempty((char**) value))
/* Case 2: the array is explicitly set to empty by the administrator */
printf("%13s %sdisabled by administrator%s\n", heading, ansi_highlight_red(), ansi_normal());
else if (!field) else if (!field)
/* Case 2: we have values, but the field is NULL. This means that we're using the defaults. /* Case 3: we have values, but the field is NULL. This means that we're using the defaults.
* We list them anyways, because they're security-sensitive to the administrator */ * We list them anyways, because they're security-sensitive to the administrator */
STRV_FOREACH(i, value) STRV_FOREACH(i, value)
printf("%13s %s%s%s\n", i == value ? heading : "", ansi_grey(), *i, ansi_normal()); printf("%13s %s%s%s\n", i == value ? heading : "", ansi_grey(), *i, ansi_normal());
else else
/* Case 3: we have a list provided by the administrator */ /* Case 4: we have a list provided by the administrator */
STRV_FOREACH(i, value) STRV_FOREACH(i, value)
printf("%13s %s\n", i == value ? heading : "", *i); printf("%13s %s\n", i == value ? heading : "", *i);
} }

View File

@ -2165,8 +2165,15 @@ const char** user_record_self_modifiable_fields(UserRecord *h) {
assert(h); assert(h);
/* Note: if the self_modifiable_fields field in UserRecord is NULL we'll apply a default, if we have
* one. If it is a non-NULL empty strv, we'll report it as explicit empty list. When the field is
* NULL and we have no default list we'll return NULL. */
/* Note that we intentionally distinguish between NULL and an empty array here */ /* Note that we intentionally distinguish between NULL and an empty array here */
return (const char**) h->self_modifiable_fields ?: (const char**) default_fields; if (h->self_modifiable_fields)
return (const char**) h->self_modifiable_fields;
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
} }
const char** user_record_self_modifiable_blobs(UserRecord *h) { const char** user_record_self_modifiable_blobs(UserRecord *h) {
@ -2180,7 +2187,10 @@ const char** user_record_self_modifiable_blobs(UserRecord *h) {
assert(h); assert(h);
/* Note that we intentionally distinguish between NULL and an empty array here */ /* Note that we intentionally distinguish between NULL and an empty array here */
return (const char**) h->self_modifiable_blobs ?: (const char**) default_blobs; if (h->self_modifiable_blobs)
return (const char**) h->self_modifiable_blobs;
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_blobs : NULL;
} }
const char** user_record_self_modifiable_privileged(UserRecord *h) { const char** user_record_self_modifiable_privileged(UserRecord *h) {
@ -2201,7 +2211,10 @@ const char** user_record_self_modifiable_privileged(UserRecord *h) {
assert(h); assert(h);
/* Note that we intentionally distinguish between NULL and an empty array here */ /* Note that we intentionally distinguish between NULL and an empty array here */
return (const char**) h->self_modifiable_privileged ?: (const char**) default_fields; if (h->self_modifiable_privileged)
return (const char**) h->self_modifiable_privileged;
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
} }
static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) { static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) {

View File

@ -98,15 +98,17 @@ static int delete_dm(DeviceMapper *m) {
assert(major(m->devnum) != 0); assert(major(m->devnum) != 0);
assert(m->path); assert(m->path);
fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
if (fd < 0)
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
else {
(void) sync_with_progress(fd);
fd = safe_close(fd);
}
fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC); fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
if (fd < 0) if (fd < 0)
return -errno; return log_debug_errno(errno, "Failed to open /dev/mapper/control: %m");
_cleanup_close_ int block_fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
if (block_fd < 0)
log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
else
(void) sync_with_progress(block_fd);
return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) { return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
.version = { .version = {

View File

@ -211,10 +211,8 @@ static int sync_making_progress(unsigned long long *prev_dirty) {
continue; continue;
errno = 0; errno = 0;
if (sscanf(line, "%*s %llu %*s", &ull) != 1) { if (sscanf(line, "%*s %llu %*s", &ull) != 1)
log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field, ignoring: %m"); return log_warning_errno(errno_or_else(EIO), "Failed to parse /proc/meminfo field: %m");
return false;
}
val += ull; val += ull;
} }

View File

@ -245,8 +245,8 @@ static int add_vsock_socket(
if (r < 0) if (r < 0)
return r; return r;
log_info("Binding SSH to AF_VSOCK vsock::22.\n" log_debug("Binding SSH to AF_VSOCK vsock::22.\n"
"→ connect via 'ssh vsock/%u' from host", local_cid); "→ connect via 'ssh vsock/%u' from host", local_cid);
return 0; return 0;
} }
@ -280,8 +280,8 @@ static int add_local_unix_socket(
if (r < 0) if (r < 0)
return r; return r;
log_info("Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.\n" log_debug("Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.\n"
"→ connect via 'ssh .host' locally"); "→ connect via 'ssh .host' locally");
return 0; return 0;
} }
@ -336,8 +336,8 @@ static int add_export_unix_socket(
if (r < 0) if (r < 0)
return r; return r;
log_info("Binding SSH to AF_UNIX socket /run/host/unix-export/ssh\n" log_debug("Binding SSH to AF_UNIX socket /run/host/unix-export/ssh\n"
"→ connect via 'ssh unix/run/systemd/nspawn/unix-export/\?\?\?/ssh' from host"); "→ connect via 'ssh unix/run/systemd/nspawn/unix-export/\?\?\?/ssh' from host");
return 0; return 0;
} }
@ -387,7 +387,7 @@ static int add_extra_sockets(
if (r < 0) if (r < 0)
return r; return r;
log_info("Binding SSH to socket %s.", *i); log_debug("Binding SSH to socket %s.", *i);
n++; n++;
} }
@ -462,7 +462,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
_cleanup_free_ char *sshd_binary = NULL; _cleanup_free_ char *sshd_binary = NULL;
r = find_executable("sshd", &sshd_binary); r = find_executable("sshd", &sshd_binary);
if (r == -ENOENT) { if (r == -ENOENT) {
log_info("Disabling SSH generator logic, since sshd is not installed."); log_debug("Disabling SSH generator logic, since sshd is not installed.");
return 0; return 0;
} }
if (r < 0) if (r < 0)

View File

@ -724,7 +724,7 @@ static void print_status_info(
printf(" Tasks: %" PRIu64, i->tasks_current); printf(" Tasks: %" PRIu64, i->tasks_current);
if (i->tasks_max != UINT64_MAX) if (i->tasks_max != UINT64_MAX)
printf(" (limit: %" PRIu64 ")\n", i->tasks_max); printf("%s (limit: %" PRIu64 ")%s\n", ansi_grey(), i->tasks_max, ansi_normal());
else else
printf("\n"); printf("\n");
} }

View File

@ -99,15 +99,15 @@ int main(void) {
printf("Found %zu symbols from source files.\\n", j); printf("Found %zu symbols from source files.\\n", j);
for (i = 0; symbols_from_sym[i].name; i++) { for (i = 0; symbols_from_sym[i].name; i++) {
struct symbol*n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback); struct symbol *n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
if (!n) if (!n)
printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name); printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
} }
for (j = 0; symbols_from_source[j].name; j++) { for (j = 0; symbols_from_source[j].name; j++) {
struct symbol*n = bsearch(symbols_from_source+j, symbols_from_source, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback); struct symbol *n = bsearch(symbols_from_source+j, symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
if (!n) if (!n)
printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[i].name); printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[j].name);
} }
return i == j ? EXIT_SUCCESS : EXIT_FAILURE; return i == j ? EXIT_SUCCESS : EXIT_FAILURE;

View File

@ -7,24 +7,26 @@ TEST(audit_loginuid_from_pid) {
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL; _cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
int r; int r;
assert_se(pidref_set_self(&self) >= 0); ASSERT_OK(pidref_set_self(&self));
assert_se(pidref_set_pid(&pid1, 1) >= 0); ASSERT_OK(pidref_set_pid(&pid1, 1));
uid_t uid; uid_t uid;
r = audit_loginuid_from_pid(&self, &uid); r = audit_loginuid_from_pid(&self, &uid);
assert_se(r >= 0 || r == -ENODATA); if (r != -ENODATA)
ASSERT_OK(r);
if (r >= 0) if (r >= 0)
log_info("self audit login uid: " UID_FMT, uid); log_info("self audit login uid: " UID_FMT, uid);
assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA); ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
uint32_t sessionid; uint32_t sessionid;
r = audit_session_from_pid(&self, &sessionid); r = audit_session_from_pid(&self, &sessionid);
assert_se(r >= 0 || r == -ENODATA); if (r != -ENODATA)
ASSERT_OK(r);
if (r >= 0) if (r >= 0)
log_info("self audit session id: %" PRIu32, sessionid); log_info("self audit session id: %" PRIu32, sessionid);
assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA); ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
} }
static int intro(void) { static int intro(void) {

View File

@ -9,7 +9,7 @@
({ \ ({ \
typeof(ret) _r = (ret); \ typeof(ret) _r = (ret); \
user_record_unref(*_r); \ user_record_unref(*_r); \
assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \ assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(SD_JSON_BUILD_PAIR_STRING("disposition", "regular"), __VA_ARGS__)) >= 0); \
0; \ 0; \
}) })

View File

@ -363,7 +363,7 @@ def test_config_priority(tmp_path):
assert opts.pcr_public_keys == ['PKEY2', 'some/path8'] assert opts.pcr_public_keys == ['PKEY2', 'some/path8']
assert opts.pcr_banks == ['SHA1', 'SHA256'] assert opts.pcr_banks == ['SHA1', 'SHA256']
assert opts.signing_engine == 'ENGINE' assert opts.signing_engine == 'ENGINE'
assert opts.signtool == ukify.SbSign # from args assert opts.signtool == 'sbsign' # from args
assert opts.sb_key == 'SBKEY' # from args assert opts.sb_key == 'SBKEY' # from args
assert opts.sb_cert == pathlib.Path('SBCERT') # from args assert opts.sb_cert == pathlib.Path('SBCERT') # from args
assert opts.sb_certdir == 'some/path5' # from config assert opts.sb_certdir == 'some/path5' # from config

View File

@ -238,7 +238,9 @@ class UkifyConfig:
all: bool all: bool
cmdline: Union[str, Path, None] cmdline: Union[str, Path, None]
devicetree: Path devicetree: Path
devicetree_auto: list[Path]
efi_arch: str efi_arch: str
hwids: Path
initrd: list[Path] initrd: list[Path]
join_profiles: list[Path] join_profiles: list[Path]
json: Union[Literal['pretty'], Literal['short'], Literal['off']] json: Union[Literal['pretty'], Literal['short'], Literal['off']]
@ -265,7 +267,7 @@ class UkifyConfig:
signing_engine: Optional[str] signing_engine: Optional[str]
signing_provider: Optional[str] signing_provider: Optional[str]
certificate_provider: Optional[str] certificate_provider: Optional[str]
signtool: Optional[type['SignTool']] signtool: Optional[str]
splash: Optional[Path] splash: Optional[Path]
stub: Path stub: Path
summary: bool summary: bool
@ -365,6 +367,8 @@ DEFAULT_SECTIONS_TO_SHOW = {
'.ucode': 'binary', '.ucode': 'binary',
'.splash': 'binary', '.splash': 'binary',
'.dtb': 'binary', '.dtb': 'binary',
'.dtbauto': 'binary',
'.hwids': 'binary',
'.cmdline': 'text', '.cmdline': 'text',
'.osrel': 'text', '.osrel': 'text',
'.uname': 'text', '.uname': 'text',
@ -447,7 +451,7 @@ class UKI:
if s.name == '.profile': if s.name == '.profile':
start = i + 1 start = i + 1
if any(section.name == s.name for s in self.sections[start:]): if any(section.name == s.name for s in self.sections[start:] if s.name != '.dtbauto'):
raise ValueError(f'Duplicate section {section.name}') raise ValueError(f'Duplicate section {section.name}')
self.sections += [section] self.sections += [section]
@ -462,6 +466,17 @@ class SignTool:
def verify(opts: UkifyConfig) -> bool: def verify(opts: UkifyConfig) -> bool:
raise NotImplementedError() raise NotImplementedError()
@staticmethod
def from_string(name) -> type['SignTool']:
if name == 'pesign':
return PeSign
elif name == 'sbsign':
return SbSign
elif name == 'systemd-sbsign':
return SystemdSbSign
else:
raise ValueError(f'Invalid sign tool: {name!r}')
class PeSign(SignTool): class PeSign(SignTool):
@staticmethod @staticmethod
@ -620,8 +635,11 @@ def check_inputs(opts: UkifyConfig) -> None:
continue continue
if isinstance(value, Path): if isinstance(value, Path):
# Open file to check that we can read it, or generate an exception # Check that we can open the directory or file, or generate and exception
value.open().close() if value.is_dir():
value.iterdir()
else:
value.open().close()
elif isinstance(value, list): elif isinstance(value, list):
for item in value: for item in value:
if isinstance(item, Path): if isinstance(item, Path):
@ -704,7 +722,16 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) ->
# PCR measurement # PCR measurement
# First, pick up either the base sections or the profile specific sections we shall measure now # First, pick up either the base sections or the profile specific sections we shall measure now
to_measure = {s.name: s for s in uki.sections[profile_start:] if s.measure} unique_to_measure = {
s.name: s for s in uki.sections[profile_start:] if s.measure and s.name != '.dtbauto'
}
dtbauto_to_measure: list[Optional[Section]] = [
s for s in uki.sections[profile_start:] if s.measure and s.name == '.dtbauto'
]
if len(dtbauto_to_measure) == 0:
dtbauto_to_measure = [None]
# Then, if we're measuring a profile, lookup the missing sections from the base image. # Then, if we're measuring a profile, lookup the missing sections from the base image.
if profile_start != 0: if profile_start != 0:
@ -718,61 +745,72 @@ def call_systemd_measure(uki: UKI, opts: UkifyConfig, profile_start: int = 0) ->
continue continue
# Check if this is a section we already covered above # Check if this is a section we already covered above
if section.name in to_measure: if section.name in unique_to_measure:
continue continue
to_measure[section.name] = section unique_to_measure[section.name] = section
if opts.measure: if opts.measure:
pp_groups = opts.phase_path_groups or [] to_measure = unique_to_measure.copy()
cmd = [ for dtbauto in dtbauto_to_measure:
measure_tool, if dtbauto is not None:
'calculate', to_measure[dtbauto.name] = dtbauto
*(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()),
*(f'--bank={bank}' for bank in banks),
# For measurement, the keys are not relevant, so we can lump all the phase paths
# into one call to systemd-measure calculate.
*(f'--phase={phase_path}' for phase_path in itertools.chain.from_iterable(pp_groups)),
]
print('+', shell_join(cmd)) pp_groups = opts.phase_path_groups or []
subprocess.check_call(cmd)
cmd = [
measure_tool,
'calculate',
*(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()),
*(f'--bank={bank}' for bank in banks),
# For measurement, the keys are not relevant, so we can lump all the phase paths
# into one call to systemd-measure calculate.
*(f'--phase={phase_path}' for phase_path in itertools.chain.from_iterable(pp_groups)),
]
print('+', shell_join(cmd))
subprocess.check_call(cmd)
# PCR signing # PCR signing
if opts.pcr_private_keys: if opts.pcr_private_keys:
pcrsigs = [] pcrsigs = []
to_measure = unique_to_measure.copy()
cmd = [ for dtbauto in dtbauto_to_measure:
measure_tool, if dtbauto is not None:
'sign', to_measure[dtbauto.name] = dtbauto
*(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()),
*(f'--bank={bank}' for bank in banks),
]
for priv_key, pub_key, group in key_path_groups(opts): cmd = [
extra = [f'--private-key={priv_key}'] measure_tool,
if opts.signing_engine is not None: 'sign',
assert pub_key *(f"--{s.name.removeprefix('.')}={s.content}" for s in to_measure.values()),
extra += [f'--private-key-source=engine:{opts.signing_engine}'] *(f'--bank={bank}' for bank in banks),
extra += [f'--certificate={pub_key}'] ]
elif opts.signing_provider is not None:
assert pub_key
extra += [f'--private-key-source=provider:{opts.signing_provider}']
extra += [f'--certificate={pub_key}']
elif pub_key:
extra += [f'--public-key={pub_key}']
if opts.certificate_provider is not None: for priv_key, pub_key, group in key_path_groups(opts):
extra += [f'--certificate-source=provider:{opts.certificate_provider}'] extra = [f'--private-key={priv_key}']
if opts.signing_engine is not None:
assert pub_key
extra += [f'--private-key-source=engine:{opts.signing_engine}']
extra += [f'--certificate={pub_key}']
elif opts.signing_provider is not None:
assert pub_key
extra += [f'--private-key-source=provider:{opts.signing_provider}']
extra += [f'--certificate={pub_key}']
elif pub_key:
extra += [f'--public-key={pub_key}']
extra += [f'--phase={phase_path}' for phase_path in group or ()] if opts.certificate_provider is not None:
extra += [f'--certificate-source=provider:{opts.certificate_provider}']
print('+', shell_join(cmd + extra)) # type: ignore extra += [f'--phase={phase_path}' for phase_path in group or ()]
pcrsig = subprocess.check_output(cmd + extra, text=True) # type: ignore
pcrsig = json.loads(pcrsig) print('+', shell_join(cmd + extra)) # type: ignore
pcrsigs += [pcrsig] pcrsig = subprocess.check_output(cmd + extra, text=True) # type: ignore
pcrsig = json.loads(pcrsig)
pcrsigs += [pcrsig]
combined = combine_signatures(pcrsigs) combined = combine_signatures(pcrsigs)
uki.add_section(Section.create('.pcrsig', combined)) uki.add_section(Section.create('.pcrsig', combined))
@ -903,7 +941,7 @@ def pe_add_sections(uki: UKI, output: str) -> None:
# the one from the kernel to it. It should be small enough to fit in the existing section, so just # the one from the kernel to it. It should be small enough to fit in the existing section, so just
# swap the data. # swap the data.
for i, s in enumerate(pe.sections[:n_original_sections]): for i, s in enumerate(pe.sections[:n_original_sections]):
if pe_strip_section_name(s.Name) == section.name: if pe_strip_section_name(s.Name) == section.name and section.name != '.dtbauto':
if new_section.Misc_VirtualSize > s.SizeOfRawData: if new_section.Misc_VirtualSize > s.SizeOfRawData:
raise PEError(f'Not enough space in existing section {section.name} to append new data.') raise PEError(f'Not enough space in existing section {section.name} to append new data.')
@ -975,6 +1013,123 @@ def merge_sbat(input_pe: list[Path], input_text: list[str]) -> str:
) )
# Keep in sync with EFI_GUID (src/boot/efi.h)
# uint32_t Data1, uint16_t Data2, uint16_t Data3, uint8_t Data4[8]
EFI_GUID = tuple[int, int, int, tuple[int, int, int, int, int, int, int, int]]
EFI_GUID_STRUCT_SIZE = 4 + 2 + 2 + 1 * 8
# Keep in sync with Device (DEVICE_TYPE_DEVICETREE) from src/boot/chid.h
# uint32_t descriptor, EFI_GUID chid, uint32_t name_offset, uint32_t compatible_offset
DEVICE_STRUCT_SIZE = 4 + EFI_GUID_STRUCT_SIZE + 4 + 4
NULL_DEVICE = b'\0' * DEVICE_STRUCT_SIZE
DEVICE_TYPE_DEVICETREE = 1
def device_make_descriptor(device_type: int, size: int) -> int:
return (size) | (device_type << 28)
def pack_device(offsets: dict[str, int], name: str, compatible: str, chids: list[EFI_GUID]) -> bytes:
data = b''
for data1, data2, data3, data4 in chids:
data += struct.pack(
'<IIHH8BII',
device_make_descriptor(DEVICE_TYPE_DEVICETREE, DEVICE_STRUCT_SIZE),
data1,
data2,
data3,
*data4,
offsets[name],
offsets[compatible],
)
assert len(data) == DEVICE_STRUCT_SIZE * len(chids)
return data
def hex_pairs_list(string: str) -> list[int]:
return [int(string[i : i + 2], 16) for i in range(0, len(string), 2)]
def pack_strings(strings: set[str], base: int) -> tuple[bytes, dict[str, int]]:
blob = b''
offsets = {}
for string in sorted(strings):
offsets[string] = base + len(blob)
blob += string.encode('utf-8') + b'\00'
return (blob, offsets)
def parse_hwid_dir(path: Path) -> bytes:
hwid_files = path.rglob('*.txt')
strings: set[str] = set()
devices: collections.defaultdict[tuple[str, str], list[EFI_GUID]] = collections.defaultdict(list)
uuid_regexp = re.compile(
r'\{[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}\}', re.I
)
for hwid_file in hwid_files:
content = hwid_file.open().readlines()
data: dict[str, str] = {
'Manufacturer': '',
'Family': '',
'Compatible': '',
}
uuids: list[EFI_GUID] = []
for line in content:
for k in data:
if line.startswith(k):
data[k] = line.split(':')[1].strip()
break
else:
uuid = uuid_regexp.match(line)
if uuid is not None:
d1, d2, d3, d4, d5 = uuid.group(0)[1:-1].split('-')
data1 = int(d1, 16)
data2 = int(d2, 16)
data3 = int(d3, 16)
data4 = cast(
tuple[int, int, int, int, int, int, int, int],
tuple(hex_pairs_list(d4) + hex_pairs_list(d5)),
)
uuids.append((data1, data2, data3, data4))
for k, v in data.items():
if not v:
raise ValueError(f'hwid description file "{hwid_file}" does not contain "{k}"')
name = data['Manufacturer'] + ' ' + data['Family']
compatible = data['Compatible']
strings |= set([name, compatible])
# (compatible, name) pair uniquely identifies the device
devices[(compatible, name)] += uuids
total_device_structs = 1
for dev, uuids in devices.items():
total_device_structs += len(uuids)
strings_blob, offsets = pack_strings(strings, total_device_structs * DEVICE_STRUCT_SIZE)
devices_blob = b''
for (compatible, name), uuids in devices.items():
devices_blob += pack_device(offsets, name, compatible, uuids)
devices_blob += NULL_DEVICE
return devices_blob + strings_blob
STUB_SBAT = """\ STUB_SBAT = """\
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/ uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/
@ -997,15 +1152,16 @@ def make_uki(opts: UkifyConfig) -> None:
if opts.linux and sign_args_present: if opts.linux and sign_args_present:
assert opts.signtool is not None assert opts.signtool is not None
signtool = SignTool.from_string(opts.signtool)
if not sign_kernel: if not sign_kernel:
# figure out if we should sign the kernel # figure out if we should sign the kernel
sign_kernel = opts.signtool.verify(opts) sign_kernel = signtool.verify(opts)
if sign_kernel: if sign_kernel:
linux_signed = tempfile.NamedTemporaryFile(prefix='linux-signed') linux_signed = tempfile.NamedTemporaryFile(prefix='linux-signed')
linux = Path(linux_signed.name) linux = Path(linux_signed.name)
opts.signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts) signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts)
if opts.uname is None and opts.linux is not None: if opts.uname is None and opts.linux is not None:
print('Kernel version not specified, starting autodetection 😖.') print('Kernel version not specified, starting autodetection 😖.')
@ -1041,11 +1197,18 @@ def make_uki(opts: UkifyConfig) -> None:
print('+', shell_join(cmd)) print('+', shell_join(cmd))
pcrpkey = subprocess.check_output(cmd) pcrpkey = subprocess.check_output(cmd)
hwids = None
if opts.hwids is not None:
hwids = parse_hwid_dir(opts.hwids)
sections = [ sections = [
# name, content, measure? # name, content, measure?
('.osrel', opts.os_release, True), ('.osrel', opts.os_release, True),
('.cmdline', opts.cmdline, True), ('.cmdline', opts.cmdline, True),
('.dtb', opts.devicetree, True), ('.dtb', opts.devicetree, True),
*(('.dtbauto', dtb, True) for dtb in opts.devicetree_auto),
('.hwids', hwids, True),
('.uname', opts.uname, True), ('.uname', opts.uname, True),
('.splash', opts.splash, True), ('.splash', opts.splash, True),
('.pcrpkey', pcrpkey, True), ('.pcrpkey', pcrpkey, True),
@ -1159,7 +1322,9 @@ def make_uki(opts: UkifyConfig) -> None:
if sign_args_present: if sign_args_present:
assert opts.signtool is not None assert opts.signtool is not None
opts.signtool.sign(os.fspath(unsigned_output), os.fspath(opts.output), opts) signtool = SignTool.from_string(opts.signtool)
signtool.sign(os.fspath(unsigned_output), os.fspath(opts.output), opts)
# We end up with no executable bits, let's reapply them # We end up with no executable bits, let's reapply them
os.umask(umask := os.umask(0)) os.umask(umask := os.umask(0))
@ -1489,10 +1654,10 @@ class ConfigItem:
else: else:
conv = lambda s: s # noqa: E731 conv = lambda s: s # noqa: E731
# This is a bit ugly, but --initrd is the only option which is specified # This is a bit ugly, but --initrd and --devicetree-auto are the only options
# with multiple args on the command line and a space-separated list in the # with multiple args on the command line and a space-separated list in the
# config file. # config file.
if self.name == '--initrd': if self.name in ['--initrd', '--devicetree-auto']:
value = [conv(v) for v in value.split()] value = [conv(v) for v in value.split()]
else: else:
value = conv(value) value = conv(value)
@ -1512,26 +1677,6 @@ class ConfigItem:
return (section_name, key, value) return (section_name, key, value)
class SignToolAction(argparse.Action):
def __call__(
self,
parser: argparse.ArgumentParser,
namespace: argparse.Namespace,
values: Union[str, Sequence[Any], None] = None,
option_string: Optional[str] = None,
) -> None:
if values is None:
setattr(namespace, 'signtool', None)
elif values == 'sbsign':
setattr(namespace, 'signtool', SbSign)
elif values == 'pesign':
setattr(namespace, 'signtool', PeSign)
elif values == 'systemd-sbsign':
setattr(namespace, 'signtool', SystemdSbSign)
else:
raise ValueError(f"Unknown signtool '{values}' (this is unreachable)")
VERBS = ('build', 'genkey', 'inspect') VERBS = ('build', 'genkey', 'inspect')
CONFIG_ITEMS = [ CONFIG_ITEMS = [
@ -1605,6 +1750,23 @@ CONFIG_ITEMS = [
help='Device Tree file [.dtb section]', help='Device Tree file [.dtb section]',
config_key='UKI/DeviceTree', config_key='UKI/DeviceTree',
), ),
ConfigItem(
'--devicetree-auto',
metavar='PATH',
type=Path,
action='append',
help='DeviceTree file for automatic selection [.dtbauto section]',
default=[],
config_key='UKI/DeviceTreeAuto',
config_push=ConfigItem.config_list_prepend,
),
ConfigItem(
'--hwids',
metavar='DIR',
type=Path,
help='Directory with HWID text files [.hwids section]',
config_key='UKI/HWIDs',
),
ConfigItem( ConfigItem(
'--uname', '--uname',
metavar='VERSION', metavar='VERSION',
@ -1688,7 +1850,6 @@ CONFIG_ITEMS = [
ConfigItem( ConfigItem(
'--signtool', '--signtool',
choices=('sbsign', 'pesign', 'systemd-sbsign'), choices=('sbsign', 'pesign', 'systemd-sbsign'),
action=SignToolAction,
dest='signtool', dest='signtool',
help=( help=(
'whether to use sbsign or pesign. It will also be inferred by the other ' 'whether to use sbsign or pesign. It will also be inferred by the other '
@ -2005,24 +2166,24 @@ def finalize_options(opts: argparse.Namespace) -> None:
) )
elif bool(opts.sb_key) and bool(opts.sb_cert): elif bool(opts.sb_key) and bool(opts.sb_cert):
# both param given, infer sbsign and in case it was given, ensure signtool=sbsign # both param given, infer sbsign and in case it was given, ensure signtool=sbsign
if opts.signtool and opts.signtool not in (SbSign, SystemdSbSign): if opts.signtool and opts.signtool not in ('sbsign', 'systemd-sbsign'):
raise ValueError( raise ValueError(
f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate=' # noqa: E501 f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate=' # noqa: E501
) )
if not opts.signtool: if not opts.signtool:
opts.signtool = SbSign opts.signtool = 'sbsign'
elif bool(opts.sb_cert_name): elif bool(opts.sb_cert_name):
# sb_cert_name given, infer pesign and in case it was given, ensure signtool=pesign # sb_cert_name given, infer pesign and in case it was given, ensure signtool=pesign
if opts.signtool and opts.signtool != PeSign: if opts.signtool and opts.signtool != 'pesign':
raise ValueError( raise ValueError(
f'Cannot provide --signtool={opts.signtool} with --secureboot-certificate-name=' f'Cannot provide --signtool={opts.signtool} with --secureboot-certificate-name='
) )
opts.signtool = PeSign opts.signtool = 'pesign'
if opts.signing_provider and opts.signtool != SystemdSbSign: if opts.signing_provider and opts.signtool != 'systemd-sbsign':
raise ValueError('--signing-provider= can only be used with--signtool=systemd-sbsign') raise ValueError('--signing-provider= can only be used with--signtool=systemd-sbsign')
if opts.certificate_provider and opts.signtool != SystemdSbSign: if opts.certificate_provider and opts.signtool != 'systemd-sbsign':
raise ValueError('--certificate-provider= can only be used with--signtool=systemd-sbsign') raise ValueError('--certificate-provider= can only be used with--signtool=systemd-sbsign')
if opts.sign_kernel and not opts.sb_key and not opts.sb_cert_name: if opts.sign_kernel and not opts.sb_key and not opts.sb_cert_name:

View File

@ -23,6 +23,7 @@
#include "user-util.h" #include "user-util.h"
#include "userdb.h" #include "userdb.h"
#include "verbs.h" #include "verbs.h"
#include "virt.h"
static enum { static enum {
OUTPUT_CLASSIC, OUTPUT_CLASSIC,
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
return 0; return 0;
} }
static bool test_show_mapped(void) {
/* Show mapped user range only in environments where user mapping is a thing. */
return running_in_userns() > 0;
}
static const struct { static const struct {
uid_t first, last; uid_t first, last;
const char *name; const char *name;
UserDisposition disposition; UserDisposition disposition;
bool (*test)(void);
} uid_range_table[] = { } uid_range_table[] = {
{ {
.first = 1, .first = 1,
@ -175,11 +182,12 @@ static const struct {
.last = MAP_UID_MAX, .last = MAP_UID_MAX,
.name = "mapped", .name = "mapped",
.disposition = USER_REGULAR, .disposition = USER_REGULAR,
.test = test_show_mapped,
}, },
}; };
static int table_add_uid_boundaries(Table *table, const UIDRange *p) { static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
int r; int r, n_added = 0;
assert(table); assert(table);
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
if (!uid_range_covers(p, i->first, i->last - i->first + 1)) if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue; continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN), name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " users ", " begin ", i->name, " users ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same UID */ TABLE_INT, 1); /* sort after any other entry with the same UID */
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
n_added += 2;
} }
return ELEMENTSOF(uid_range_table) * 2; return n_added;
} }
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) { static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
} }
static int table_add_gid_boundaries(Table *table, const UIDRange *p) { static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
int r; int r, n_added = 0;
assert(table); assert(table);
FOREACH_ELEMENT(i, uid_range_table) { FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL; _cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1)) if (!uid_range_covers(p, i->first, i->last - i->first + 1))
continue; continue;
if (i->test && !i->test())
continue;
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN), name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
" begin ", i->name, " groups ", " begin ", i->name, " groups ",
special_glyph(SPECIAL_GLYPH_ARROW_DOWN)); special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
TABLE_INT, 1); /* sort after any other entry with the same GID */ TABLE_INT, 1); /* sort after any other entry with the same GID */
if (r < 0) if (r < 0)
return table_log_add_error(r); return table_log_add_error(r);
n_added += 2;
} }
return ELEMENTSOF(uid_range_table) * 2; return n_added;
} }
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) { static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {

View File

@ -2182,6 +2182,10 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
(void) sd_event_add_signal(event, NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, NULL); (void) sd_event_add_signal(event, NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, NULL);
r = sd_event_add_memory_pressure(event, NULL, NULL, NULL);
if (r < 0)
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
/* Exit when the child exits */ /* Exit when the child exits */
(void) event_add_child_pidref(event, NULL, &child_pidref, WEXITED, on_child_exit, NULL); (void) event_add_child_pidref(event, NULL, &child_pidref, WEXITED, on_child_exit, NULL);

View File

@ -960,10 +960,13 @@ exec $(systemctl cat systemd-networkd.service | sed -n '/^ExecStart=/ {{ s/^.*=/
# wait until devices got created # wait until devices got created
for _ in range(50): for _ in range(50):
out = subprocess.check_output(['ip', 'a', 'show', 'dev', self.if_router]) if subprocess.run(['ip', 'link', 'show', 'dev', self.if_router],
if b'state UP' in out and b'scope global' in out: stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode == 0:
break break
time.sleep(0.1) time.sleep(0.1)
else:
subprocess.call(['ip', 'link', 'show', 'dev', self.if_router])
self.fail('Timed out waiting for {ifr} created.'.format(ifr=self.if_router))
def shutdown_iface(self): def shutdown_iface(self):
'''Remove test interface and stop DHCP server''' '''Remove test interface and stop DHCP server'''

View File

@ -1712,18 +1712,18 @@ check_coverage_reports() {
# Create a coverage report that will later be uploaded. Remove info about system # Create a coverage report that will later be uploaded. Remove info about system
# libraries/headers and generated files, as we don't really care about them. # libraries/headers and generated files, as we don't really care about them.
lcov --directory "${root}/${BUILD_DIR:?}" --capture --exclude "*.gperf" --output-file "${dest}.new" lcov --ignore-errors inconsistent --directory "${root}/${BUILD_DIR:?}" --capture --exclude "*.gperf" --output-file "${dest}.new"
if [[ -f "$dest" ]]; then if [[ -f "$dest" ]]; then
# If the destination report file already exists, don't overwrite it, but # If the destination report file already exists, don't overwrite it, but
# merge it with the already present one - this usually happens when # merge it with the already present one - this usually happens when
# running both "parts" of a test in one run (the qemu and the nspawn part). # running both "parts" of a test in one run (the qemu and the nspawn part).
lcov --add-tracefile "${dest}" --add-tracefile "${dest}.new" -o "${dest}" lcov --ignore-errors inconsistent --add-tracefile "${dest}" --add-tracefile "${dest}.new" -o "${dest}"
else else
# If there's no prior coverage report, merge the new one with the base # If there's no prior coverage report, merge the new one with the base
# report we did during the setup phase (see test_setup()). # report we did during the setup phase (see test_setup()).
lcov --add-tracefile "${TESTDIR:?}/coverage-base" --add-tracefile "${dest}.new" -o "${dest}" lcov --ignore-errors inconsistent --add-tracefile "${TESTDIR:?}/coverage-base" --add-tracefile "${dest}.new" -o "${dest}"
fi fi
lcov --remove "$dest" -o "$dest" '/usr/include/*' '/usr/lib/*' "${BUILD_DIR:?}/*" lcov --ignore-errors inconsistent --remove "$dest" -o "$dest" '/usr/include/*' '/usr/lib/*' "${BUILD_DIR:?}/*"
rm -f "${dest}.new" rm -f "${dest}.new"
# If the test logs contain lines like: # If the test logs contain lines like:

View File

@ -1,18 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Name=router-low
[Network]
IPv6AcceptRA=no
IPv6SendRA=yes
[IPv6SendRA]
# changed from low to high
RouterPreference=high
EmitDNS=no
EmitDomains=no
[IPv6Prefix]
Prefix=2002:da8:1:98::/64
PreferredLifetimeSec=1000s
ValidLifetimeSec=2100s

View File

@ -1,18 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
Name=router-high
[Network]
IPv6AcceptRA=no
IPv6SendRA=yes
[IPv6SendRA]
# changed from high to low
RouterPreference=low
EmitDNS=no
EmitDomains=no
[IPv6Prefix]
Prefix=2002:da8:1:99::/64
PreferredLifetimeSec=1000s
ValidLifetimeSec=2100s

View File

@ -6391,6 +6391,27 @@ class NetworkdRATests(unittest.TestCase, Utilities):
self.check_ipv6_sysctl_attr('client', 'hop_limit', '43') self.check_ipv6_sysctl_attr('client', 'hop_limit', '43')
def check_router_preference(self, suffix, metric_1, preference_1, metric_2, preference_2):
self.wait_online('client:routable')
self.wait_address('client', f'2002:da8:1:99:1034:56ff:fe78:9a{suffix}/64', ipv='-6', timeout_sec=10)
self.wait_address('client', f'2002:da8:1:98:1034:56ff:fe78:9a{suffix}/64', ipv='-6', timeout_sec=10)
self.wait_route('client', rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric {metric_1}', ipv='-6', timeout_sec=10)
self.wait_route('client', rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric {metric_2}', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric {metric_1} expires [0-9]*sec pref {preference_1}')
self.assertRegex(output, rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric {metric_2} expires [0-9]*sec pref {preference_2}')
for i in [100, 200, 300, 512, 1024, 2048]:
if i not in [metric_1, metric_2]:
self.assertNotIn(f'metric {i} ', output)
for i in ['low', 'medium', 'high']:
if i not in [preference_1, preference_2]:
self.assertNotIn(f'pref {i}', output)
def test_router_preference(self): def test_router_preference(self):
copy_network_unit('25-veth-client.netdev', copy_network_unit('25-veth-client.netdev',
'25-veth-router-high.netdev', '25-veth-router-high.netdev',
@ -6409,72 +6430,47 @@ class NetworkdRATests(unittest.TestCase, Utilities):
networkctl_reconfigure('client') networkctl_reconfigure('client')
self.wait_online('client:routable') self.wait_online('client:routable')
self.check_router_preference('00', 512, 'high', 2048, 'low')
self.wait_address('client', '2002:da8:1:99:1034:56ff:fe78:9a00/64', ipv='-6', timeout_sec=10) # change the map from preference to metric.
self.wait_address('client', '2002:da8:1:98:1034:56ff:fe78:9a00/64', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 512', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 2048', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 512 expires [0-9]*sec pref high')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 2048 expires [0-9]*sec pref low')
with open(os.path.join(network_unit_dir, '25-veth-client.network'), mode='a', encoding='utf-8') as f: with open(os.path.join(network_unit_dir, '25-veth-client.network'), mode='a', encoding='utf-8') as f:
f.write('\n[Link]\nMACAddress=12:34:56:78:9a:01\n[IPv6AcceptRA]\nRouteMetric=100:200:300\n') f.write('\n[Link]\nMACAddress=12:34:56:78:9a:01\n[IPv6AcceptRA]\nRouteMetric=100:200:300\n')
networkctl_reload() networkctl_reload()
self.wait_online('client:routable') self.check_router_preference('01', 100, 'high', 300, 'low')
self.wait_address('client', '2002:da8:1:99:1034:56ff:fe78:9a01/64', ipv='-6', timeout_sec=10)
self.wait_address('client', '2002:da8:1:98:1034:56ff:fe78:9a01/64', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100', ipv='-6', timeout_sec=10)
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100 expires [0-9]*sec pref high')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300 expires [0-9]*sec pref low')
self.assertNotIn('metric 512', output)
self.assertNotIn('metric 2048', output)
# swap the preference (for issue #28439) # swap the preference (for issue #28439)
remove_network_unit('25-veth-router-high.network', '25-veth-router-low.network') with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
copy_network_unit('25-veth-router-high2.network', '25-veth-router-low2.network') f.write('\n[IPv6SendRA]\nRouterPreference=low\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=high\n')
networkctl_reload() networkctl_reload()
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 300', ipv='-6', timeout_sec=10) self.check_router_preference('01', 300, 'low', 100, 'high')
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 100', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default')
output = check_output('ip -6 route show dev client default')
print(output)
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 300 expires [0-9]*sec pref low')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 100 expires [0-9]*sec pref high')
self.assertNotRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100')
self.assertNotRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300')
self.assertNotIn('metric 512', output)
self.assertNotIn('metric 2048', output)
# Use the same preference, and check if the two routes are not coalesced. See issue #33470. # Use the same preference, and check if the two routes are not coalesced. See issue #33470.
with open(os.path.join(network_unit_dir, '25-veth-router-high2.network'), mode='a', encoding='utf-8') as f: with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n') f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low2.network'), mode='a', encoding='utf-8') as f: with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n') f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
networkctl_reload() networkctl_reload()
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 200', ipv='-6', timeout_sec=10) self.check_router_preference('01', 200, 'medium', 200, 'medium')
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 200', ipv='-6', timeout_sec=10)
print('### ip -6 route show dev client default') # Use route options to configure default routes.
output = check_output('ip -6 route show dev client default') # The preference specified in the RA header should be ignored. See issue #33468.
print(output) with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 200 expires [0-9]*sec pref medium') f.write('\n[IPv6SendRA]\nRouterPreference=high\n[IPv6RoutePrefix]\nRoute=::/0\nLifetimeSec=1200\n')
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 200 expires [0-9]*sec pref medium') with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
self.assertNotIn('pref high', output) f.write('\n[IPv6SendRA]\nRouterPreference=low\n[IPv6RoutePrefix]\nRoute=::/0\nLifetimeSec=1200\n')
self.assertNotIn('pref low', output) networkctl_reload()
self.assertNotIn('metric 512', output) self.check_router_preference('01', 200, 'medium', 200, 'medium')
self.assertNotIn('metric 2048', output)
# Set zero lifetime to the route options.
# The preference specified in the RA header should be used.
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
f.write('LifetimeSec=0\n')
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
f.write('LifetimeSec=0\n')
networkctl_reload()
self.check_router_preference('01', 100, 'high', 300, 'low')
def _test_ndisc_vs_static_route(self, manage_foreign_nexthops): def _test_ndisc_vs_static_route(self, manage_foreign_nexthops):
if not manage_foreign_nexthops: if not manage_foreign_nexthops:

View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -eux
set -o pipefail
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh
(! systemd-run --wait -p DynamicUser=yes \
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
-p WorkingDirectory='~' true)
assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root"
assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/"
assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser"
(! systemd-run --wait -p DynamicUser=yes -p User=testuser \
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
-p WorkingDirectory='~' true)

View File

@ -3,6 +3,14 @@
set -eux set -eux
set -o pipefail set -o pipefail
if systemd-analyze compare-versions "$(nvme --version | grep libnvme | awk '{print $3}')" eq 1.11; then
if grep -q "CONFIG_NVME_TCP_TLS is not set" "/boot/config-$(uname -r)" 2>/dev/null || grep -q "CONFIG_NVME_TCP_TLS is not set" "/usr/lib/modules/$(uname -r)/config" 2>/dev/null; then
# See: https://github.com/linux-nvme/nvme-cli/issues/2573
echo "nvme-cli is broken and requires TLS support in the kernel" >/skipped
exit 77
fi
fi
/usr/lib/systemd/systemd-storagetm --list-devices /usr/lib/systemd/systemd-storagetm --list-devices
modprobe -v nvmet-tcp modprobe -v nvmet-tcp

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SHELL_EXTRA_DROPIN %} {% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SSH_PROXY_DROPIN %} {% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Copy systemd-stub provided metadata such as PCR signature and public key file # Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage # from initrd into /run/, so that it will survive the initrd stage

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SSHD_USERDB_DROPIN %} {% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d /etc/credstore 0700 root root d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root d /etc/credstore.encrypted 0700 root root

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
L /etc/os-release - - - - ../usr/lib/os-release L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts L+ /etc/mtab - - - - ../proc/self/mounts

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /home 0755 - - - Q /home 0755 - - -
q /srv 0755 - - - q /srv 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Set the NOCOW attribute for directories of journal files. This flag # Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only # is inherited by their new files and sub-directories. Matters only

View File

@ -5,26 +5,28 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# These files are considered legacy and are unnecessary on legacy-free # The functionality provided by these files and directories has been replaced
# systems. # by newer interfaces. Their use is discouraged on legacy-free systems. This
# configuration is provided to maintain backward compatibility.
d /run/lock 0755 root root - d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock L /var/lock - - - - ../run/lock
{% if HAVE_SYSV_COMPAT %}
{% if CREATE_LOG_DIRS %} {% if CREATE_LOG_DIRS %}
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %} {% endif %}
# /run/lock/subsys is used for serializing SysV service execution, and # /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems. # hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root - d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the # /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force' # 'quotacheck.mode=force'
r! /forcefsck r! /forcefsck
r! /fastboot r! /fastboot
r! /forcequotacheck r! /forcequotacheck
{% endif %}

Some files were not shown because too many files have changed in this diff Show More