Compare commits
17 Commits
1034044260
...
5e258d734a
Author | SHA1 | Date |
---|---|---|
Mitsuha_QuQ | 5e258d734a | |
Mitsuha_QuQ | 18850e3a1b | |
Yu Watanabe | e4c01fe6af | |
Zbigniew Jędrzejewski-Szmek | 05d418fed9 | |
Renaud Métrich | 1bdecfb8e7 | |
Lennart Poettering | 437d6de1fe | |
Lennart Poettering | 50406dc7f1 | |
Lennart Poettering | 4f309abb3e | |
Lennart Poettering | 9434438543 | |
Lennart Poettering | 3afda7c797 | |
Lennart Poettering | 74cb2db9f4 | |
Lennart Poettering | 220431724b | |
Zbigniew Jędrzejewski-Szmek | d688c5d653 | |
Zbigniew Jędrzejewski-Szmek | 050b4981e0 | |
Yu Watanabe | 9f773037a0 | |
Yu Watanabe | 1797240104 | |
Yu Watanabe | a55100e66c |
|
@ -39,7 +39,6 @@ BuildPackages=
|
||||||
libidn2
|
libidn2
|
||||||
libmicrohttpd
|
libmicrohttpd
|
||||||
libseccomp
|
libseccomp
|
||||||
libtool
|
|
||||||
libutil-linux
|
libutil-linux
|
||||||
libxkbcommon
|
libxkbcommon
|
||||||
libxslt
|
libxslt
|
||||||
|
|
|
@ -48,7 +48,6 @@ BuildPackages=
|
||||||
libqrencode-dev
|
libqrencode-dev
|
||||||
libseccomp-dev
|
libseccomp-dev
|
||||||
libsmartcols-dev
|
libsmartcols-dev
|
||||||
libtool
|
|
||||||
libxkbcommon-dev
|
libxkbcommon-dev
|
||||||
libzstd-dev
|
libzstd-dev
|
||||||
m4
|
m4
|
||||||
|
|
|
@ -53,6 +53,7 @@ BuildPackages=
|
||||||
lz4-devel
|
lz4-devel
|
||||||
m4
|
m4
|
||||||
meson
|
meson
|
||||||
|
ninja-build
|
||||||
openssl-devel
|
openssl-devel
|
||||||
p11-kit-devel
|
p11-kit-devel
|
||||||
pam-devel
|
pam-devel
|
||||||
|
|
|
@ -50,7 +50,6 @@ BuildPackages=
|
||||||
libqrencode-dev
|
libqrencode-dev
|
||||||
libseccomp-dev
|
libseccomp-dev
|
||||||
libsmartcols-dev
|
libsmartcols-dev
|
||||||
libtool
|
|
||||||
libxkbcommon-dev
|
libxkbcommon-dev
|
||||||
libxtables-dev
|
libxtables-dev
|
||||||
libzstd-dev
|
libzstd-dev
|
||||||
|
|
|
@ -255,6 +255,10 @@ sensor:modalias:acpi:BOSC0200*:dmi:*:svnCube:pnI15-TC:*
|
||||||
sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni8-T:*
|
sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni8-T:*
|
||||||
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
|
||||||
|
|
||||||
|
# Cube KNote 5
|
||||||
|
sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni1102:*
|
||||||
|
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
# Cytrix (Mytrix)
|
# Cytrix (Mytrix)
|
||||||
#########################################
|
#########################################
|
||||||
|
|
|
@ -5524,12 +5524,12 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
|
||||||
<para>In addition to these properties there are the following:</para>
|
<para>In addition to these properties there are the following:</para>
|
||||||
|
|
||||||
<para><varname>NAccepted</varname> contains the accumulated number of connections ever accepted on this
|
<para><varname>NAccepted</varname> contains the accumulated number of connections ever accepted on this
|
||||||
socket. This only applies to sockets with <varname>Accept</varname> set to <literal>true</literal>,
|
socket. This only applies to sockets with <varname>Accept</varname> set to <literal>yes</literal>,
|
||||||
i.e. those where systemd is responsible for accepted connections. </para>
|
i.e. those where systemd is responsible for accepted connections. </para>
|
||||||
|
|
||||||
<para>Similarly <varname>NConnections</varname> contains the number of currently open connections on
|
<para>Similarly <varname>NConnections</varname> contains the number of currently open connections on
|
||||||
this socket. It only applies only to socket units with <varname>Accept</varname> set to
|
this socket. It only applies only to socket units with <varname>Accept</varname> set to
|
||||||
<literal>true</literal>.</para>
|
<literal>yes</literal>.</para>
|
||||||
|
|
||||||
<para><varname>Result</varname> encodes the reason why a socket unit failed if it is in the
|
<para><varname>Result</varname> encodes the reason why a socket unit failed if it is in the
|
||||||
<literal>failed</literal> state (see <varname>ActiveState</varname> above). The values
|
<literal>failed</literal> state (see <varname>ActiveState</varname> above). The values
|
||||||
|
|
|
@ -389,14 +389,14 @@
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><varname>Accept=</varname></term>
|
<term><varname>Accept=</varname></term>
|
||||||
<listitem><para>Takes a boolean argument. If true, a service
|
<listitem><para>Takes a boolean argument. If yes, a service
|
||||||
instance is spawned for each incoming connection and only the
|
instance is spawned for each incoming connection and only the
|
||||||
connection socket is passed to it. If false, all listening
|
connection socket is passed to it. If no, all listening
|
||||||
sockets themselves are passed to the started service unit, and
|
sockets themselves are passed to the started service unit, and
|
||||||
only one service unit is spawned for all connections (also see
|
only one service unit is spawned for all connections (also see
|
||||||
above). This value is ignored for datagram sockets and FIFOs
|
above). This value is ignored for datagram sockets and FIFOs
|
||||||
where a single service unit unconditionally handles all
|
where a single service unit unconditionally handles all
|
||||||
incoming traffic. Defaults to <option>false</option>. For
|
incoming traffic. Defaults to <option>no</option>. For
|
||||||
performance reasons, it is recommended to write new daemons
|
performance reasons, it is recommended to write new daemons
|
||||||
only in a way that is suitable for
|
only in a way that is suitable for
|
||||||
<option>Accept=no</option>. A daemon listening on an
|
<option>Accept=no</option>. A daemon listening on an
|
||||||
|
@ -632,7 +632,7 @@
|
||||||
the value of the <varname>SELinuxContext=</varname> option.
|
the value of the <varname>SELinuxContext=</varname> option.
|
||||||
This configuration option only affects sockets with
|
This configuration option only affects sockets with
|
||||||
<varname>Accept=</varname> mode set to
|
<varname>Accept=</varname> mode set to
|
||||||
<literal>true</literal>. Also note that this option is useful
|
<literal>yes</literal>. Also note that this option is useful
|
||||||
only when MLS/MCS SELinux policy is deployed. Defaults to
|
only when MLS/MCS SELinux policy is deployed. Defaults to
|
||||||
<literal>false</literal>. </para></listitem>
|
<literal>false</literal>. </para></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -369,11 +369,11 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
|
||||||
r = dissected_image_acquire_metadata(m);
|
r = dissected_image_acquire_metadata(m);
|
||||||
if (r == -ENXIO)
|
if (r == -ENXIO)
|
||||||
return log_error_errno(r, "No root partition discovered.");
|
return log_error_errno(r, "No root partition discovered.");
|
||||||
if (r == -EMEDIUMTYPE)
|
|
||||||
return log_error_errno(r, "Not a valid OS image, no os-release file included.");
|
|
||||||
if (r == -EUCLEAN)
|
if (r == -EUCLEAN)
|
||||||
return log_error_errno(r, "File system check of image failed.");
|
return log_error_errno(r, "File system check of image failed.");
|
||||||
if (r == -EUNATCH)
|
if (r == -EMEDIUMTYPE)
|
||||||
|
log_warning_errno(r, "Not a valid OS image, no os-release file included. Proceeding anyway.");
|
||||||
|
else if (r == -EUNATCH)
|
||||||
log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata.");
|
log_warning_errno(r, "OS image is encrypted, proceeding without showing OS image metadata.");
|
||||||
else if (r == -EBUSY)
|
else if (r == -EBUSY)
|
||||||
log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata.");
|
log_warning_errno(r, "OS image is currently in use, proceeding without showing OS image metadata.");
|
||||||
|
@ -403,9 +403,13 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
|
||||||
p == m->os_release ? "OS Release:" : " ",
|
p == m->os_release ? "OS Release:" : " ",
|
||||||
*p, *q);
|
*p, *q);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if (arg_json) {
|
if (m->hostname ||
|
||||||
|
!sd_id128_is_null(m->machine_id) ||
|
||||||
|
!strv_isempty(m->machine_info) ||
|
||||||
|
!strv_isempty(m->os_release))
|
||||||
|
putc('\n', stdout);
|
||||||
|
} else {
|
||||||
_cleanup_(json_variant_unrefp) JsonVariant *mi = NULL, *osr = NULL;
|
_cleanup_(json_variant_unrefp) JsonVariant *mi = NULL, *osr = NULL;
|
||||||
|
|
||||||
if (!strv_isempty(m->machine_info)) {
|
if (!strv_isempty(m->machine_info)) {
|
||||||
|
@ -431,9 +435,6 @@ static int action_dissect(DissectedImage *m, LoopDevice *d) {
|
||||||
return log_oom();
|
return log_oom();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!arg_json)
|
|
||||||
putc('\n', stdout);
|
|
||||||
|
|
||||||
t = table_new("rw", "designator", "partition uuid", "fstype", "architecture", "verity", "node", "partno");
|
t = table_new("rw", "designator", "partition uuid", "fstype", "architecture", "verity", "node", "partno");
|
||||||
if (!t)
|
if (!t)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
|
|
|
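Review bot: In action_dissect, the new blank-line guard `if (m->hostname || !sd_id128_is_null(m->machine_id) || !strv_isempty(m->machine_info) || !strv_isempty(m->os_release))` repeats by hand the set of metadata fields that the lines above it appear to print, so a field added to the printout later can be missed here and the separator lost. The guard matters more now that `-EMEDIUMTYPE` is only a warning, because an image without os-release can reach this point with little or no metadata. A comment on the guard such as `/* Emit the separator only if some metadata was printed above; keep this list in sync with the fields printed. */` would record that coupling. The function starts and ends outside these hunks.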
@ -69,7 +69,8 @@ struct Manager {
|
||||||
usec_t speed_meter_usec_new;
|
usec_t speed_meter_usec_new;
|
||||||
usec_t speed_meter_usec_old;
|
usec_t speed_meter_usec_old;
|
||||||
|
|
||||||
bool dhcp4_prefix_root_cannot_set_table;
|
bool dhcp4_prefix_root_cannot_set_table:1;
|
||||||
|
bool bridge_mdb_on_master_not_supported:1;
|
||||||
};
|
};
|
||||||
|
|
||||||
int manager_new(Manager **ret);
|
int manager_new(Manager **ret);
|
||||||
|
|
|
@ -103,7 +103,13 @@ static int set_mdb_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
r = sd_netlink_message_get_errno(m);
|
r = sd_netlink_message_get_errno(m);
|
||||||
if (r < 0 && r != -EEXIST) {
|
if (r == -EINVAL && streq_ptr(link->kind, "bridge") && (!link->network || !link->network->bridge)) {
|
||||||
|
/* To configure bridge MDB entries on bridge master, 1bc844ee0faa1b92e3ede00bdd948021c78d7088 (v5.4) is required. */
|
||||||
|
if (!link->manager->bridge_mdb_on_master_not_supported) {
|
||||||
|
log_link_warning_errno(link, r, "Kernel seems not to support configuring bridge MDB entries on bridge master, ignoring: %m");
|
||||||
|
link->manager->bridge_mdb_on_master_not_supported = true;
|
||||||
|
}
|
||||||
|
} else if (r < 0 && r != -EEXIST) {
|
||||||
log_link_message_warning_errno(link, m, r, "Could not add MDB entry");
|
log_link_message_warning_errno(link, m, r, "Could not add MDB entry");
|
||||||
link_enter_failed(link);
|
link_enter_failed(link);
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -117,11 +123,23 @@ static int set_mdb_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int link_get_bridge_master_ifindex(Link *link) {
|
||||||
|
assert(link);
|
||||||
|
|
||||||
|
if (link->network && link->network->bridge)
|
||||||
|
return link->network->bridge->ifindex;
|
||||||
|
|
||||||
|
if (streq_ptr(link->kind, "bridge"))
|
||||||
|
return link->ifindex;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* send a request to the kernel to add an MDB entry */
|
/* send a request to the kernel to add an MDB entry */
|
||||||
static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
|
static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
|
||||||
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
|
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *req = NULL;
|
||||||
struct br_mdb_entry entry;
|
struct br_mdb_entry entry;
|
||||||
int r;
|
int master, r;
|
||||||
|
|
||||||
assert(link);
|
assert(link);
|
||||||
assert(link->network);
|
assert(link->network);
|
||||||
|
@ -136,14 +154,20 @@ static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
|
||||||
strna(a), mdb_entry->vlan_id);
|
strna(a), mdb_entry->vlan_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
master = link_get_bridge_master_ifindex(link);
|
||||||
|
if (master <= 0)
|
||||||
|
return log_link_error_errno(link, SYNTHETIC_ERRNO(EINVAL), "Invalid bridge master ifindex %i", master);
|
||||||
|
|
||||||
entry = (struct br_mdb_entry) {
|
entry = (struct br_mdb_entry) {
|
||||||
.state = MDB_PERMANENT,
|
/* If MDB entry is added on bridge master, then the state must be MDB_TEMPORARY.
|
||||||
|
* See br_mdb_add_group() in net/bridge/br_mdb.c of kernel. */
|
||||||
|
.state = master == link->ifindex ? MDB_TEMPORARY : MDB_PERMANENT,
|
||||||
.ifindex = link->ifindex,
|
.ifindex = link->ifindex,
|
||||||
.vid = mdb_entry->vlan_id,
|
.vid = mdb_entry->vlan_id,
|
||||||
};
|
};
|
||||||
|
|
||||||
/* create new RTM message */
|
/* create new RTM message */
|
||||||
r = sd_rtnl_message_new_mdb(link->manager->rtnl, &req, RTM_NEWMDB, link->network->bridge->ifindex);
|
r = sd_rtnl_message_new_mdb(link->manager->rtnl, &req, RTM_NEWMDB, master);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_error_errno(link, r, "Could not create RTM_NEWMDB message: %m");
|
return log_link_error_errno(link, r, "Could not create RTM_NEWMDB message: %m");
|
||||||
|
|
||||||
|
@ -178,30 +202,39 @@ static int mdb_entry_configure(Link *link, MdbEntry *mdb_entry) {
|
||||||
|
|
||||||
int link_set_bridge_mdb(Link *link) {
|
int link_set_bridge_mdb(Link *link) {
|
||||||
MdbEntry *mdb_entry;
|
MdbEntry *mdb_entry;
|
||||||
Link *master;
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(link);
|
assert(link);
|
||||||
|
assert(link->manager);
|
||||||
|
|
||||||
link->bridge_mdb_configured = false;
|
link->bridge_mdb_configured = false;
|
||||||
|
|
||||||
if (!link->network)
|
if (!link->network)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (!link->network->bridge) {
|
if (LIST_IS_EMPTY(link->network->static_mdb_entries))
|
||||||
link->bridge_mdb_configured = true;
|
goto finish;
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!link_has_carrier(link))
|
if (!link_has_carrier(link))
|
||||||
return log_link_debug(link, "Link does not have carrier yet, setting MDB entries later.");
|
return log_link_debug(link, "Link does not have carrier yet, setting MDB entries later.");
|
||||||
|
|
||||||
r = link_get(link->manager, link->network->bridge->ifindex, &master);
|
if (link->network->bridge) {
|
||||||
if (r < 0)
|
Link *master;
|
||||||
return log_link_error_errno(link, r, "Failed to get Link object for Bridge=%s", link->network->bridge->ifname);
|
|
||||||
|
|
||||||
if (!link_has_carrier(master))
|
r = link_get(link->manager, link->network->bridge->ifindex, &master);
|
||||||
return log_link_debug(link, "Bridge interface %s does not have carrier yet, setting MDB entries later.", link->network->bridge->ifname);
|
if (r < 0)
|
||||||
|
return log_link_error_errno(link, r, "Failed to get Link object for Bridge=%s", link->network->bridge->ifname);
|
||||||
|
|
||||||
|
if (!link_has_carrier(master))
|
||||||
|
return log_link_debug(link, "Bridge interface %s does not have carrier yet, setting MDB entries later.", link->network->bridge->ifname);
|
||||||
|
|
||||||
|
} else if (!streq_ptr(link->kind, "bridge")) {
|
||||||
|
log_link_warning(link, "Link is neither a bridge master nor a bridge port, ignoring [BridgeMDB] sections.");
|
||||||
|
goto finish;
|
||||||
|
} else if (link->manager->bridge_mdb_on_master_not_supported) {
|
||||||
|
log_link_debug(link, "Kernel seems not to support configuring bridge MDB entries on bridge master, ignoring [BridgeMDB] sections.");
|
||||||
|
goto finish;
|
||||||
|
}
|
||||||
|
|
||||||
LIST_FOREACH(static_mdb_entries, mdb_entry, link->network->static_mdb_entries) {
|
LIST_FOREACH(static_mdb_entries, mdb_entry, link->network->static_mdb_entries) {
|
||||||
r = mdb_entry_configure(link, mdb_entry);
|
r = mdb_entry_configure(link, mdb_entry);
|
||||||
|
@ -211,6 +244,7 @@ int link_set_bridge_mdb(Link *link) {
|
||||||
link->bridge_mdb_messages++;
|
link->bridge_mdb_messages++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
finish:
|
||||||
if (link->bridge_mdb_messages == 0) {
|
if (link->bridge_mdb_messages == 0) {
|
||||||
link->bridge_mdb_configured = true;
|
link->bridge_mdb_configured = true;
|
||||||
link_check_ready(link);
|
link_check_ready(link);
|
||||||
|
|
|
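Review bot: In set_mdb_handler, the new branch reads every `-EINVAL` reply on a bridge master as "kernel too old", although the kernel presumably also answers EINVAL for a rejected entry, so a bad [BridgeMDB] section on a capable kernel could be reported as missing kernel support. Once `bridge_mdb_on_master_not_supported` is set it is manager-wide and, as far as these hunks show, never cleared, so link_set_bridge_mdb then skips the sections on every bridge master, and later `-EINVAL` replies in the handler are dropped without any log line. I would log the repeats inside the branch, e.g. `else log_link_debug_errno(link, r, "Could not add MDB entry on bridge master, ignoring: %m");`, and state in the comment that treating EINVAL as "unsupported" is a heuristic. set_mdb_handler begins and ends outside the hunk.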
@ -306,14 +306,6 @@ int network_verify(Network *network) {
|
||||||
if (section_is_invalid(fdb->section))
|
if (section_is_invalid(fdb->section))
|
||||||
fdb_entry_free(fdb);
|
fdb_entry_free(fdb);
|
||||||
|
|
||||||
if (!LIST_IS_EMPTY(network->static_mdb_entries) && !network->bridge) {
|
|
||||||
log_warning("%s: Cannot configure MDB entries on non-bridge port, ignoring [BridgeMDB] sections.",
|
|
||||||
network->filename);
|
|
||||||
|
|
||||||
while ((mdb = network->static_mdb_entries))
|
|
||||||
mdb_entry_free(mdb);
|
|
||||||
}
|
|
||||||
|
|
||||||
LIST_FOREACH_SAFE(static_mdb_entries, mdb, mdb_next, network->static_mdb_entries)
|
LIST_FOREACH_SAFE(static_mdb_entries, mdb, mdb_next, network->static_mdb_entries)
|
||||||
if (mdb_entry_verify(mdb) < 0)
|
if (mdb_entry_verify(mdb) < 0)
|
||||||
mdb_entry_free(mdb);
|
mdb_entry_free(mdb);
|
||||||
|
|
|
@ -793,7 +793,12 @@ int dissect_image(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!m->partitions[PARTITION_ROOT].found) {
|
if (m->partitions[PARTITION_ROOT].found) {
|
||||||
|
/* If we found the primary arch, then invalidate the secondary arch to avoid any ambiguities,
|
||||||
|
* since we never want to mount the secondary arch in this case. */
|
||||||
|
m->partitions[PARTITION_ROOT_SECONDARY].found = false;
|
||||||
|
m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false;
|
||||||
|
} else {
|
||||||
/* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
|
/* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
|
||||||
* either, then check if there's a single generic one, and use that. */
|
* either, then check if there's a single generic one, and use that. */
|
||||||
|
|
||||||
|
@ -848,12 +853,6 @@ int dissect_image(
|
||||||
if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
|
if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
|
||||||
return -EADDRNOTAVAIL;
|
return -EADDRNOTAVAIL;
|
||||||
|
|
||||||
/* If we found the primary root with the hash, then we definitely want to suppress any secondary root
|
|
||||||
* (which would be weird, after all the root hash should only be assigned to one pair of
|
|
||||||
* partitions... */
|
|
||||||
m->partitions[PARTITION_ROOT_SECONDARY].found = false;
|
|
||||||
m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false;
|
|
||||||
|
|
||||||
/* If we found a verity setup, then the root partition is necessarily read-only. */
|
/* If we found a verity setup, then the root partition is necessarily read-only. */
|
||||||
m->partitions[PARTITION_ROOT].rw = false;
|
m->partitions[PARTITION_ROOT].rw = false;
|
||||||
|
|
||||||
|
@ -1034,7 +1033,7 @@ static int mount_partition(
|
||||||
/* If requested, turn on discard support. */
|
/* If requested, turn on discard support. */
|
||||||
if (fstype_can_discard(fstype) &&
|
if (fstype_can_discard(fstype) &&
|
||||||
((flags & DISSECT_IMAGE_DISCARD) ||
|
((flags & DISSECT_IMAGE_DISCARD) ||
|
||||||
((flags & DISSECT_IMAGE_DISCARD_ON_LOOP) && is_loop_device(m->node)))) {
|
((flags & DISSECT_IMAGE_DISCARD_ON_LOOP) && is_loop_device(m->node) > 0))) {
|
||||||
options = strdup("discard");
|
options = strdup("discard");
|
||||||
if (!options)
|
if (!options)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
@ -1322,9 +1321,10 @@ static int decrypt_partition(
|
||||||
return r == -EPERM ? -EKEYREJECTED : r;
|
return r == -EPERM ? -EKEYREJECTED : r;
|
||||||
}
|
}
|
||||||
|
|
||||||
d->decrypted[d->n_decrypted].name = TAKE_PTR(name);
|
d->decrypted[d->n_decrypted++] = (DecryptedPartition) {
|
||||||
d->decrypted[d->n_decrypted].device = TAKE_PTR(cd);
|
.name = TAKE_PTR(name),
|
||||||
d->n_decrypted++;
|
.device = TAKE_PTR(cd),
|
||||||
|
};
|
||||||
|
|
||||||
m->decrypted_node = TAKE_PTR(node);
|
m->decrypted_node = TAKE_PTR(node);
|
||||||
|
|
||||||
|
@ -1466,7 +1466,8 @@ static int verity_partition(
|
||||||
verity->root_hash_sig_size,
|
verity->root_hash_sig_size,
|
||||||
CRYPT_ACTIVATE_READONLY);
|
CRYPT_ACTIVATE_READONLY);
|
||||||
#else
|
#else
|
||||||
r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "activation of verity device with signature requested, but not supported by cryptsetup due to missing crypt_activate_by_signed_key()");
|
r = log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
|
||||||
|
"Activation of verity device with signature requested, but not supported by %s due to missing crypt_activate_by_signed_key().", program_invocation_short_name);
|
||||||
#endif
|
#endif
|
||||||
} else
|
} else
|
||||||
r = sym_crypt_activate_by_volume_key(
|
r = sym_crypt_activate_by_volume_key(
|
||||||
|
@ -1483,10 +1484,10 @@ static int verity_partition(
|
||||||
if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
|
if (r == -EINVAL && FLAGS_SET(flags, DISSECT_IMAGE_VERITY_SHARE))
|
||||||
return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
|
return verity_partition(m, v, verity, flags & ~DISSECT_IMAGE_VERITY_SHARE, d);
|
||||||
if (!IN_SET(r,
|
if (!IN_SET(r,
|
||||||
0, /* Success */
|
0, /* Success */
|
||||||
-EEXIST, /* Volume is already open and ready to be used */
|
-EEXIST, /* Volume is already open and ready to be used */
|
||||||
-EBUSY, /* Volume is being opened but not ready, crypt_init_by_name can fetch details */
|
-EBUSY, /* Volume is being opened but not ready, crypt_init_by_name can fetch details */
|
||||||
-ENODEV /* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again */))
|
-ENODEV /* Volume is being opened but not ready, crypt_init_by_name would fail, try to open again */))
|
||||||
return r;
|
return r;
|
||||||
if (IN_SET(r, -EEXIST, -EBUSY)) {
|
if (IN_SET(r, -EEXIST, -EBUSY)) {
|
||||||
struct crypt_device *existing_cd = NULL;
|
struct crypt_device *existing_cd = NULL;
|
||||||
|
@ -1540,9 +1541,10 @@ static int verity_partition(
|
||||||
/* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
|
/* Everything looks good and we'll be able to mount the device, so deferred remove will be re-enabled at that point. */
|
||||||
restore_deferred_remove = mfree(restore_deferred_remove);
|
restore_deferred_remove = mfree(restore_deferred_remove);
|
||||||
|
|
||||||
d->decrypted[d->n_decrypted].name = TAKE_PTR(name);
|
d->decrypted[d->n_decrypted++] = (DecryptedPartition) {
|
||||||
d->decrypted[d->n_decrypted].device = TAKE_PTR(cd);
|
.name = TAKE_PTR(name),
|
||||||
d->n_decrypted++;
|
.device = TAKE_PTR(cd),
|
||||||
|
};
|
||||||
|
|
||||||
m->decrypted_node = TAKE_PTR(node);
|
m->decrypted_node = TAKE_PTR(node);
|
||||||
|
|
||||||
|
@ -1588,7 +1590,7 @@ int dissected_image_decrypt(
|
||||||
|
|
||||||
for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
|
for (PartitionDesignator i = 0; i < _PARTITION_DESIGNATOR_MAX; i++) {
|
||||||
DissectedPartition *p = m->partitions + i;
|
DissectedPartition *p = m->partitions + i;
|
||||||
int k;
|
PartitionDesignator k;
|
||||||
|
|
||||||
if (!p->found)
|
if (!p->found)
|
||||||
continue;
|
continue;
|
||||||
|
|
|
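Review bot: In the `#else` branch of verity_partition, a request for signature-checked activation that the library cannot honour is reported only at debug level, so at default log levels the caller is left with a bare EOPNOTSUPP. The visible lines do fail closed: `-EOPNOTSUPP` is not in `IN_SET(r, 0, -EEXIST, -EBUSY, -ENODEV)` and is returned, and the retry above it fires only on `-EINVAL`. Nothing records that this is intentional, so a comment on the branch such as `/* Fail closed: never fall back to unsigned activation when a root hash signature was supplied. */` would guard against a later cleanup turning it into a fallback. The code between this hunk and the next is not shown, so this assumes r reaches that check unchanged; the function also continues outside the hunks.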
@ -595,6 +595,10 @@ static void test_exec_dynamicuser(Manager *m) {
|
||||||
(void) rm_rf("/var/lib/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);
|
(void) rm_rf("/var/lib/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);
|
||||||
(void) rm_rf("/var/lib/private/test-dynamicuser-migrate", REMOVE_ROOT|REMOVE_PHYSICAL);
|
(void) rm_rf("/var/lib/private/test-dynamicuser-migrate", REMOVE_ROOT|REMOVE_PHYSICAL);
|
||||||
(void) rm_rf("/var/lib/private/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);
|
(void) rm_rf("/var/lib/private/test-dynamicuser-migrate2", REMOVE_ROOT|REMOVE_PHYSICAL);
|
||||||
|
|
||||||
|
test(__func__, m, "exec-dynamicuser-runtimedirectory1.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
|
||||||
|
test(__func__, m, "exec-dynamicuser-runtimedirectory2.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
|
||||||
|
test(__func__, m, "exec-dynamicuser-runtimedirectory3.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void test_exec_environment(Manager *m) {
|
static void test_exec_environment(Manager *m) {
|
||||||
|
|
|
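Review bot: The three exec-dynamicuser-runtimedirectory tests added at the end of test_exec_dynamicuser depend on running in this order and on state left by the previous one, yet unlike the state-directory cases just above they have no cleanup around them. The unit files added further down this page appear to be these tests: the first two set `RuntimeDirectoryPreserve=yes`, and the second and third run `test -f $$RUNTIME_DIRECTORY/test`, so an aborted run can leave the `test-exec_runtimedirectorypreserve` directory behind. An `rm_rf` of that directory next to the existing calls, plus a comment such as `/* Must run in order: 1 creates the file, 2 and 3 expect it to exist. */`, would make the dependency explicit. The function begins outside the hunk.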
@ -1,11 +1,14 @@
|
||||||
# Puts together an nspawn container and runs networkd-test.py in it, inside a
|
# Puts together an nspawn container and runs networkd-test.py in it, inside a
|
||||||
# network namespace and everything. Run this with "mkosi
|
# network namespace and everything. Run this with
|
||||||
# --default=mkosi.default.networkd-test boot". This will start the test and
|
#
|
||||||
# eventually exit with success in case the test succeeded.
|
# mkosi -C test --default=mkosi.default.networkd-test boot
|
||||||
|
#
|
||||||
|
# This will start the test and eventually exit with success in case the test
|
||||||
|
# succeeded.
|
||||||
|
|
||||||
[Distribution]
|
[Distribution]
|
||||||
Distribution=fedora
|
Distribution=fedora
|
||||||
Release=29
|
Release=32
|
||||||
|
|
||||||
[Output]
|
[Output]
|
||||||
Format=raw_btrfs
|
Format=raw_btrfs
|
||||||
|
@ -45,13 +48,13 @@ BuildPackages=
|
||||||
libmount-devel
|
libmount-devel
|
||||||
libseccomp-devel
|
libseccomp-devel
|
||||||
libselinux-devel
|
libselinux-devel
|
||||||
libtool
|
|
||||||
libxkbcommon-devel
|
libxkbcommon-devel
|
||||||
libxslt
|
libxslt
|
||||||
lz4
|
lz4
|
||||||
lz4-devel
|
lz4-devel
|
||||||
m4
|
m4
|
||||||
meson
|
meson
|
||||||
|
ninja-build
|
||||||
pam-devel
|
pam-devel
|
||||||
pcre2-devel
|
pcre2-devel
|
||||||
pkgconfig
|
pkgconfig
|
||||||
|
@ -59,7 +62,6 @@ BuildPackages=
|
||||||
python3-lxml
|
python3-lxml
|
||||||
qrencode-devel
|
qrencode-devel
|
||||||
tree
|
tree
|
||||||
xz-devel
|
|
||||||
|
|
||||||
Packages=
|
Packages=
|
||||||
dnsmasq
|
dnsmasq
|
||||||
|
@ -69,8 +71,8 @@ Packages=
|
||||||
python3
|
python3
|
||||||
|
|
||||||
# Share caches with the top-level mkosi
|
# Share caches with the top-level mkosi
|
||||||
BuildDirectory=../mkosi.builddir
|
BuildDirectory=../mkosi/mkosi.builddir
|
||||||
Cache=../mkosi.cache
|
Cache=../mkosi/mkosi.cache
|
||||||
|
|
||||||
# Run our own script
|
# Run our own script
|
||||||
BuildScript=mkosi.build.networkd-test
|
BuildScript=mkosi.build.networkd-test
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Test for RuntimeDirectory with RuntimeDirectoryPreserve=yes and DynamicUser=yes
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve'
|
||||||
|
ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"'
|
||||||
|
ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test'
|
||||||
|
Type=oneshot
|
||||||
|
RuntimeDirectory=test-exec_runtimedirectorypreserve
|
||||||
|
RuntimeDirectoryPreserve=yes
|
||||||
|
DynamicUser=yes
|
|
@ -0,0 +1,12 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Test for RuntimeDirectory with RuntimeDirectoryPreserve=yes and DynamicUser=yes 2nd trial
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve'
|
||||||
|
ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"'
|
||||||
|
ExecStart=/bin/sh -x -c 'test -f $$RUNTIME_DIRECTORY/test'
|
||||||
|
ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test'
|
||||||
|
Type=oneshot
|
||||||
|
RuntimeDirectory=test-exec_runtimedirectorypreserve
|
||||||
|
RuntimeDirectoryPreserve=yes
|
||||||
|
DynamicUser=yes
|
|
@ -0,0 +1,11 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Test for RuntimeDirectory with DynamicUser=yes migrated from RuntimeDirectoryPreserve=yes
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/bin/sh -x -c 'test -d %t/test-exec_runtimedirectorypreserve'
|
||||||
|
ExecStart=/bin/sh -x -c 'test "$$RUNTIME_DIRECTORY" = "%t/test-exec_runtimedirectorypreserve"'
|
||||||
|
ExecStart=/bin/sh -x -c 'test -f $$RUNTIME_DIRECTORY/test'
|
||||||
|
ExecStart=/bin/sh -x -c 'touch $$RUNTIME_DIRECTORY/test'
|
||||||
|
Type=oneshot
|
||||||
|
RuntimeDirectory=test-exec_runtimedirectorypreserve
|
||||||
|
DynamicUser=yes
|
|
@ -3,3 +3,11 @@ Name=bridge99
|
||||||
|
|
||||||
[Network]
|
[Network]
|
||||||
IPv6AcceptRA=false
|
IPv6AcceptRA=false
|
||||||
|
|
||||||
|
[BridgeMDB]
|
||||||
|
VLANId=4066
|
||||||
|
MulticastGroupAddress=ff02:aaaa:fee5:0000:0000:0000:0001:0004
|
||||||
|
|
||||||
|
[BridgeMDB]
|
||||||
|
VLANId=4067
|
||||||
|
MulticastGroupAddress=224.0.1.2
|
||||||
|
|
|
@ -2969,6 +2969,11 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities):
|
||||||
self.assertRegex(output, 'dev bridge99 port test1 grp ff02:aaaa:fee5::1:3 permanent *vid 4064')
|
self.assertRegex(output, 'dev bridge99 port test1 grp ff02:aaaa:fee5::1:3 permanent *vid 4064')
|
||||||
self.assertRegex(output, 'dev bridge99 port test1 grp 224.0.1.1 permanent *vid 4065')
|
self.assertRegex(output, 'dev bridge99 port test1 grp 224.0.1.1 permanent *vid 4065')
|
||||||
|
|
||||||
|
# Old kernel may not support bridge MDB entries on bridge master
|
||||||
|
if call('bridge mdb add dev bridge99 port bridge99 grp 224.0.1.3 temp vid 4068', stderr=subprocess.DEVNULL) == 0:
|
||||||
|
self.assertRegex(output, 'dev bridge99 port bridge99 grp ff02:aaaa:fee5::1:4 temp *vid 4066')
|
||||||
|
self.assertRegex(output, 'dev bridge99 port bridge99 grp 224.0.1.2 temp *vid 4067')
|
||||||
|
|
||||||
def test_bridge_property(self):
|
def test_bridge_property(self):
|
||||||
copy_unit_to_networkd_unit_path('11-dummy.netdev', '12-dummy.netdev', '26-bridge.netdev',
|
copy_unit_to_networkd_unit_path('11-dummy.netdev', '12-dummy.netdev', '26-bridge.netdev',
|
||||||
'26-bridge-slave-interface-1.network', '26-bridge-slave-interface-2.network',
|
'26-bridge-slave-interface-1.network', '26-bridge-slave-interface-2.network',
|
||||||
|
|
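Review bot: The capability probe `call('bridge mdb add dev bridge99 port bridge99 grp 224.0.1.3 temp vid 4068', stderr=subprocess.DEVNULL) == 0` gates the two new assertions on any failure of the `bridge` command, not only on a kernel without the feature, so an unrelated failure of the tool silently skips the bridge-master checks. When the probe fails the test still passes with no sign that the new networkd path was not exercised; an `else: print('bridge MDB on bridge master not supported, skipping')` would make that visible in the log. The probe also adds a real entry of its own, which the asserts do not look for, and that deserves a one-line comment. The test method starts outside the hunk.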