mirror of
https://github.com/systemd/systemd
synced 2026-04-10 09:04:50 +02:00
Compare commits
No commits in common. "12caf7271655e16030e34279b1fb0b29a592f6ad" and "c65a0cf62f379e9b8fe33ab9bfe5cbcb6238cf56" have entirely different histories.
12caf72716
...
c65a0cf62f
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,6 +1,11 @@
|
|||||||
|
*.a
|
||||||
*.cache
|
*.cache
|
||||||
|
*.gch
|
||||||
|
*.log
|
||||||
|
*.o
|
||||||
*.plist
|
*.plist
|
||||||
*.py[co]
|
*.py[co]
|
||||||
|
*.stamp
|
||||||
*.swp
|
*.swp
|
||||||
*.trs
|
*.trs
|
||||||
*~
|
*~
|
||||||
|
|||||||
@ -286,14 +286,6 @@
|
|||||||
</variablelist>
|
</variablelist>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
|
||||||
<title>Signed .efi files</title>
|
|
||||||
<para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a
|
|
||||||
<command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy
|
|
||||||
that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide
|
|
||||||
signed images for UEFI SecureBoot.</para>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Exit status</title>
|
<title>Exit status</title>
|
||||||
<para>On success, 0 is returned, a non-zero failure code otherwise.</para>
|
<para>On success, 0 is returned, a non-zero failure code otherwise.</para>
|
||||||
|
|||||||
@ -167,11 +167,6 @@
|
|||||||
|
|
||||||
<para>If <varname>MACHINE_ID=</varname> is set and not empty, it will be used as <replaceable>MACHINE-ID</replaceable>,
|
<para>If <varname>MACHINE_ID=</varname> is set and not empty, it will be used as <replaceable>MACHINE-ID</replaceable>,
|
||||||
overriding any automatic detection attempts. The value must be a valid machine ID (32 hexadecimal characters).</para>
|
overriding any automatic detection attempts. The value must be a valid machine ID (32 hexadecimal characters).</para>
|
||||||
|
|
||||||
<para><varname>KERNEL_INSTALL_MACHINE_ID=</varname> is set for the plugins to the desired <replaceable>MACHINE-ID</replaceable> –
|
|
||||||
either 32 hexadecimal characters or the special value <literal>Default</literal>.</para>
|
|
||||||
<para><varname>KERNEL_INSTALL_BOOT_ROOT=</varname> is set for the plugins to the root directory (mount point, usually) of the hierarchy
|
|
||||||
where boot-loader entries, kernel images, and associated resources should be placed. Can be overriden by setting <varname>BOOT_ROOT=</varname>.</para>
|
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
|
|||||||
@ -115,12 +115,6 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--dry-run</option></term>
|
|
||||||
<listitem><para>Process the configuration and figure out what entries would be created, but don't
|
|
||||||
actually write anything.</para></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--inline</option></term>
|
<term><option>--inline</option></term>
|
||||||
<listitem><para>Treat each positional argument as a separate configuration
|
<listitem><para>Treat each positional argument as a separate configuration
|
||||||
|
|||||||
@ -628,19 +628,14 @@ static int create_subdirs(const char *root, const char * const *subdirs) {
|
|||||||
|
|
||||||
static int copy_one_file(const char *esp_path, const char *name, bool force) {
|
static int copy_one_file(const char *esp_path, const char *name, bool force) {
|
||||||
const char *e;
|
const char *e;
|
||||||
char *p, *q, *dest_name, *s;
|
char *p, *q;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
dest_name = strdupa_safe(name);
|
|
||||||
s = endswith_no_case(dest_name, ".signed");
|
|
||||||
if (s)
|
|
||||||
*s = 0;
|
|
||||||
|
|
||||||
p = strjoina(BOOTLIBDIR "/", name);
|
p = strjoina(BOOTLIBDIR "/", name);
|
||||||
q = strjoina(esp_path, "/EFI/systemd/", dest_name);
|
q = strjoina(esp_path, "/EFI/systemd/", name);
|
||||||
r = copy_file_with_version_check(p, q, force);
|
r = copy_file_with_version_check(p, q, force);
|
||||||
|
|
||||||
e = startswith(dest_name, "systemd-boot");
|
e = startswith(name, "systemd-boot");
|
||||||
if (e) {
|
if (e) {
|
||||||
int k;
|
int k;
|
||||||
char *v;
|
char *v;
|
||||||
@ -669,18 +664,9 @@ static int install_binaries(const char *esp_path, bool force) {
|
|||||||
FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read \""BOOTLIBDIR"\": %m")) {
|
FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read \""BOOTLIBDIR"\": %m")) {
|
||||||
int k;
|
int k;
|
||||||
|
|
||||||
if (!endswith_no_case(de->d_name, ".efi") && !endswith_no_case(de->d_name, ".efi.signed"))
|
if (!endswith_no_case(de->d_name, ".efi"))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
/* skip the .efi file, if there's a .signed version of it */
|
|
||||||
if (endswith_no_case(de->d_name, ".efi")) {
|
|
||||||
_cleanup_free_ const char *s = strjoin(BOOTLIBDIR, "/", de->d_name, ".signed");
|
|
||||||
if (!s)
|
|
||||||
return log_oom();
|
|
||||||
if (access(s, F_OK) >= 0)
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
k = copy_one_file(esp_path, de->d_name, force);
|
k = copy_one_file(esp_path, de->d_name, force);
|
||||||
/* Don't propagate an error code if no update necessary, installed version already equal or
|
/* Don't propagate an error code if no update necessary, installed version already equal or
|
||||||
* newer version, or other boot loader in place. */
|
* newer version, or other boot loader in place. */
|
||||||
|
|||||||
@ -32,9 +32,10 @@ if [[ $COMMAND != add ]]; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create the entry directory if its parent exists ‒
|
# If the boot dir exists (e.g. $ESP/<machine-id>),
|
||||||
# this is an administrative decision and the only function of this plugin.
|
# create the entry directory ($ESP/<machine-id>/<kernel-version>).
|
||||||
MACHINE_ID_DIR="$KERNEL_INSTALL_BOOT_ROOT/$KERNEL_INSTALL_MACHINE_ID"
|
# This is the only function of this plugin.
|
||||||
|
MACHINE_ID_DIR="${ENTRY_DIR_ABS%/*}"
|
||||||
if ! [ -d "$MACHINE_ID_DIR" ]; then
|
if ! [ -d "$MACHINE_ID_DIR" ]; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -32,14 +32,14 @@ if ! [[ -d "$ENTRY_DIR_ABS" ]]; then
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
|
MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
|
||||||
BOOT_ROOT="$KERNEL_INSTALL_BOOT_ROOT"
|
|
||||||
|
|
||||||
BOOT_MNT="$(stat -c %m "$BOOT_ROOT")"
|
BOOT_ROOT=${ENTRY_DIR_ABS%/$MACHINE_ID/$KERNEL_VERSION}
|
||||||
if [[ "$BOOT_MNT" == '/' ]]; then
|
BOOT_MNT=$(stat -c %m $BOOT_ROOT)
|
||||||
ENTRY_DIR="$ENTRY_DIR_ABS"
|
if [[ $BOOT_MNT == '/' ]]; then
|
||||||
|
ENTRY_DIR=$ENTRY_DIR_ABS
|
||||||
else
|
else
|
||||||
ENTRY_DIR="${ENTRY_DIR_ABS#$BOOT_MNT}"
|
ENTRY_DIR=${ENTRY_DIR_ABS#$BOOT_MNT}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $COMMAND == remove ]]; then
|
if [[ $COMMAND == remove ]]; then
|
||||||
|
|||||||
@ -93,28 +93,21 @@ fi
|
|||||||
[ -z "$MACHINE_ID" ] && [ -f /etc/machine-id ] && [ "$(stat -fc %T /etc/machine-id)" != "tmpfs" ] && read -r MACHINE_ID < /etc/machine-id
|
[ -z "$MACHINE_ID" ] && [ -f /etc/machine-id ] && [ "$(stat -fc %T /etc/machine-id)" != "tmpfs" ] && read -r MACHINE_ID < /etc/machine-id
|
||||||
[ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
|
[ -z "$MACHINE_ID" ] && MACHINE_ID="Default"
|
||||||
|
|
||||||
[ -z "$BOOT_ROOT" ] && for suff in "$MACHINE_ID" "Default" "loader/entries"; do
|
if [[ -d /efi/loader/entries ]] || [[ -d /efi/$MACHINE_ID ]]; then
|
||||||
for pref in "/efi" "/boot/efi" "/boot"; do
|
ENTRY_DIR_ABS="/efi/$MACHINE_ID/$KERNEL_VERSION"
|
||||||
if [ -d "$pref/$suff" ]; then
|
elif [[ -d /boot/loader/entries ]] || [[ -d /boot/$MACHINE_ID ]]; then
|
||||||
BOOT_ROOT="$pref"
|
ENTRY_DIR_ABS="/boot/$MACHINE_ID/$KERNEL_VERSION"
|
||||||
break 2
|
elif [[ -d /boot/efi/loader/entries ]] || [[ -d /boot/efi/$MACHINE_ID ]]; then
|
||||||
fi
|
ENTRY_DIR_ABS="/boot/efi/$MACHINE_ID/$KERNEL_VERSION"
|
||||||
done
|
elif mountpoint -q /efi; then
|
||||||
done
|
ENTRY_DIR_ABS="/efi/$MACHINE_ID/$KERNEL_VERSION"
|
||||||
|
elif mountpoint -q /boot/efi; then
|
||||||
[ -z "$BOOT_ROOT" ] && for pref in "/efi" "/boot/efi"; do
|
ENTRY_DIR_ABS="/boot/efi/$MACHINE_ID/$KERNEL_VERSION"
|
||||||
if mountpoint -q "$pref"; then
|
else
|
||||||
BOOT_ROOT="$pref"
|
ENTRY_DIR_ABS="/boot/$MACHINE_ID/$KERNEL_VERSION"
|
||||||
break
|
fi
|
||||||
fi
|
|
||||||
done
|
|
||||||
[ -z "$BOOT_ROOT" ] && BOOT_ROOT="/boot"
|
|
||||||
|
|
||||||
|
|
||||||
ENTRY_DIR_ABS="$BOOT_ROOT/$MACHINE_ID/$KERNEL_VERSION"
|
|
||||||
|
|
||||||
export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID"
|
export KERNEL_INSTALL_MACHINE_ID="$MACHINE_ID"
|
||||||
export KERNEL_INSTALL_BOOT_ROOT="$BOOT_ROOT"
|
|
||||||
|
|
||||||
ret=0
|
ret=0
|
||||||
|
|
||||||
|
|||||||
@ -1602,21 +1602,13 @@ static int link_carrier_gained(Link *link) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_link_warning_errno(link, r, "Failed to disable carrier lost timer, ignoring: %m");
|
log_link_warning_errno(link, r, "Failed to disable carrier lost timer, ignoring: %m");
|
||||||
|
|
||||||
/* If a wireless interface was connected to an access point, and the SSID is changed (that is,
|
/* If the SSID is changed, then the connected wireless network could be changed. So, always
|
||||||
* both previous_ssid and ssid are non-NULL), then the connected wireless network could be
|
* reconfigure the link. Which means e.g. the DHCP client will be restarted, and the correct
|
||||||
* changed. So, always reconfigure the link. Which means e.g. the DHCP client will be
|
* network information will be gained.
|
||||||
* restarted, and the correct network information will be gained.
|
|
||||||
*
|
|
||||||
* However, do not reconfigure the wireless interface forcibly if it was not connected to any
|
|
||||||
* access points previously (previous_ssid is NULL in this case). As, a .network file may be
|
|
||||||
* already assigned to the interface (in that case, the .network file does not have the SSID=
|
|
||||||
* setting in the [Match] section), and the interface is already being configured. Of course,
|
|
||||||
* there may exist another .network file with higher priority and a matching SSID= setting. But
|
|
||||||
* in that case, link_reconfigure_impl() can handle that without the force_reconfigure flag.
|
|
||||||
*
|
|
||||||
* For non-wireless interfaces, we have no way to detect the connected network change. So,
|
* For non-wireless interfaces, we have no way to detect the connected network change. So,
|
||||||
* setting force_reconfigure = false. Note, both ssid and previous_ssid are NULL in that case. */
|
* setting force_reconfigure = false. Note, both ssid and previous_ssid should be NULL for
|
||||||
force_reconfigure = link->previous_ssid && !streq_ptr(link->previous_ssid, link->ssid);
|
* non-wireless interfaces, and streq_ptr() returns true. */
|
||||||
|
force_reconfigure = !streq_ptr(link->previous_ssid, link->ssid);
|
||||||
link->previous_ssid = mfree(link->previous_ssid);
|
link->previous_ssid = mfree(link->previous_ssid);
|
||||||
|
|
||||||
if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_FAILED, LINK_STATE_LINGER)) {
|
if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_FAILED, LINK_STATE_LINGER)) {
|
||||||
|
|||||||
@ -130,7 +130,7 @@ int manager_genl_process_nl80211_config(sd_netlink *genl, sd_netlink_message *me
|
|||||||
|
|
||||||
log_link_debug(link, "nl80211: received %s(%u) message: iftype=%s, ssid=%s",
|
log_link_debug(link, "nl80211: received %s(%u) message: iftype=%s, ssid=%s",
|
||||||
strna(nl80211_cmd_to_string(cmd)), cmd,
|
strna(nl80211_cmd_to_string(cmd)), cmd,
|
||||||
strna(nl80211_iftype_to_string(wlan_iftype)), strna(ssid));
|
strna(nl80211_iftype_to_string(wlan_iftype)), ssid);
|
||||||
|
|
||||||
switch(cmd) {
|
switch(cmd) {
|
||||||
case NL80211_CMD_SET_INTERFACE:
|
case NL80211_CMD_SET_INTERFACE:
|
||||||
|
|||||||
@ -44,21 +44,6 @@ typedef enum ItemType {
|
|||||||
ADD_RANGE = 'r',
|
ADD_RANGE = 'r',
|
||||||
} ItemType;
|
} ItemType;
|
||||||
|
|
||||||
static inline const char* item_type_to_string(ItemType t) {
|
|
||||||
switch (t) {
|
|
||||||
case ADD_USER:
|
|
||||||
return "user";
|
|
||||||
case ADD_GROUP:
|
|
||||||
return "group";
|
|
||||||
case ADD_MEMBER:
|
|
||||||
return "member";
|
|
||||||
case ADD_RANGE:
|
|
||||||
return "range";
|
|
||||||
default:
|
|
||||||
assert_not_reached();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
typedef struct Item {
|
typedef struct Item {
|
||||||
ItemType type;
|
ItemType type;
|
||||||
|
|
||||||
@ -75,8 +60,8 @@ typedef struct Item {
|
|||||||
|
|
||||||
bool gid_set:1;
|
bool gid_set:1;
|
||||||
|
|
||||||
/* When set the group with the specified GID must exist
|
/* When set the group with the specified gid must exist
|
||||||
* and the check if a UID clashes with the GID is skipped.
|
* and the check if a uid clashes with the gid is skipped.
|
||||||
*/
|
*/
|
||||||
bool id_set_strict:1;
|
bool id_set_strict:1;
|
||||||
|
|
||||||
@ -90,7 +75,6 @@ static char *arg_root = NULL;
|
|||||||
static char *arg_image = NULL;
|
static char *arg_image = NULL;
|
||||||
static bool arg_cat_config = false;
|
static bool arg_cat_config = false;
|
||||||
static const char *arg_replace = NULL;
|
static const char *arg_replace = NULL;
|
||||||
static bool arg_dry_run = false;
|
|
||||||
static bool arg_inline = false;
|
static bool arg_inline = false;
|
||||||
static PagerFlags arg_pager_flags = 0;
|
static PagerFlags arg_pager_flags = 0;
|
||||||
|
|
||||||
@ -403,14 +387,9 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
|
|||||||
Item *i;
|
Item *i;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (ordered_hashmap_isempty(todo_uids))
|
if (ordered_hashmap_size(todo_uids) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (arg_dry_run) {
|
|
||||||
log_info("Would write /etc/passwd…");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
|
r = fopen_temporary_label("/etc/passwd", passwd_path, &passwd, &passwd_tmp);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", passwd_path);
|
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", passwd_path);
|
||||||
@ -527,14 +506,9 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
|
|||||||
Item *i;
|
Item *i;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (ordered_hashmap_isempty(todo_uids))
|
if (ordered_hashmap_size(todo_uids) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (arg_dry_run) {
|
|
||||||
log_info("Would write /etc/shadow…");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
|
r = fopen_temporary_label("/etc/shadow", shadow_path, &shadow, &shadow_tmp);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", shadow_path);
|
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", shadow_path);
|
||||||
@ -665,14 +639,9 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
|
|||||||
Item *i;
|
Item *i;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (ordered_hashmap_isempty(todo_gids) && ordered_hashmap_isempty(members))
|
if (ordered_hashmap_size(todo_gids) == 0 && ordered_hashmap_size(members) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (arg_dry_run) {
|
|
||||||
log_info("Would write /etc/group…");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
|
r = fopen_temporary_label("/etc/group", group_path, &group, &group_tmp);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", group_path);
|
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", group_path);
|
||||||
@ -771,14 +740,9 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
|
|||||||
Item *i;
|
Item *i;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
if (ordered_hashmap_isempty(todo_gids) && ordered_hashmap_isempty(members))
|
if (ordered_hashmap_size(todo_gids) == 0 && ordered_hashmap_size(members) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (arg_dry_run) {
|
|
||||||
log_info("Would write /etc/gshadow…");
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp);
|
r = fopen_temporary_label("/etc/gshadow", gshadow_path, &gshadow, &gshadow_tmp);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", gshadow_path);
|
return log_debug_errno(r, "Failed to open temporary copy of %s: %m", gshadow_path);
|
||||||
@ -1005,13 +969,13 @@ static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) {
|
|||||||
|
|
||||||
assert(i);
|
assert(i);
|
||||||
|
|
||||||
/* First, try to get the GID directly */
|
/* First, try to get the gid directly */
|
||||||
if (_gid && i->gid_path && root_stat(i->gid_path, &st) >= 0) {
|
if (_gid && i->gid_path && root_stat(i->gid_path, &st) >= 0) {
|
||||||
gid = st.st_gid;
|
gid = st.st_gid;
|
||||||
found_gid = true;
|
found_gid = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Then, try to get the UID directly */
|
/* Then, try to get the uid directly */
|
||||||
if ((_uid || (_gid && !found_gid))
|
if ((_uid || (_gid && !found_gid))
|
||||||
&& i->uid_path
|
&& i->uid_path
|
||||||
&& root_stat(i->uid_path, &st) >= 0) {
|
&& root_stat(i->uid_path, &st) >= 0) {
|
||||||
@ -1019,14 +983,14 @@ static int read_id_from_file(Item *i, uid_t *_uid, gid_t *_gid) {
|
|||||||
uid = st.st_uid;
|
uid = st.st_uid;
|
||||||
found_uid = true;
|
found_uid = true;
|
||||||
|
|
||||||
/* If we need the gid, but had no success yet, also derive it from the UID path */
|
/* If we need the gid, but had no success yet, also derive it from the uid path */
|
||||||
if (_gid && !found_gid) {
|
if (_gid && !found_gid) {
|
||||||
gid = st.st_gid;
|
gid = st.st_gid;
|
||||||
found_gid = true;
|
found_gid = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If that didn't work yet, then let's reuse the GID as UID */
|
/* If that didn't work yet, then let's reuse the gid as uid */
|
||||||
if (_uid && !found_uid && i->gid_path) {
|
if (_uid && !found_uid && i->gid_path) {
|
||||||
|
|
||||||
if (found_gid) {
|
if (found_gid) {
|
||||||
@ -1091,13 +1055,13 @@ static int add_user(Item *i) {
|
|||||||
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
|
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Try to use the suggested numeric UID */
|
/* Try to use the suggested numeric uid */
|
||||||
if (i->uid_set) {
|
if (i->uid_set) {
|
||||||
r = uid_is_ok(i->uid, i->name, !i->id_set_strict);
|
r = uid_is_ok(i->uid, i->name, !i->id_set_strict);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify UID " UID_FMT ": %m", i->uid);
|
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
log_info("Suggested user ID " UID_FMT " for %s already used.", i->uid, i->name);
|
log_debug("Suggested user ID " UID_FMT " for %s already used.", i->uid, i->name);
|
||||||
i->uid_set = false;
|
i->uid_set = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1113,7 +1077,7 @@ static int add_user(Item *i) {
|
|||||||
else {
|
else {
|
||||||
r = uid_is_ok(c, i->name, true);
|
r = uid_is_ok(c, i->name, true);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify UID " UID_FMT ": %m", i->uid);
|
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
|
||||||
else if (r > 0) {
|
else if (r > 0) {
|
||||||
i->uid = c;
|
i->uid = c;
|
||||||
i->uid_set = true;
|
i->uid_set = true;
|
||||||
@ -1127,7 +1091,7 @@ static int add_user(Item *i) {
|
|||||||
if (!i->uid_set && i->gid_set) {
|
if (!i->uid_set && i->gid_set) {
|
||||||
r = uid_is_ok((uid_t) i->gid, i->name, true);
|
r = uid_is_ok((uid_t) i->gid, i->name, true);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify UID " UID_FMT ": %m", i->uid);
|
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
|
||||||
if (r > 0) {
|
if (r > 0) {
|
||||||
i->uid = (uid_t) i->gid;
|
i->uid = (uid_t) i->gid;
|
||||||
i->uid_set = true;
|
i->uid_set = true;
|
||||||
@ -1145,7 +1109,7 @@ static int add_user(Item *i) {
|
|||||||
|
|
||||||
r = uid_is_ok(search_uid, i->name, true);
|
r = uid_is_ok(search_uid, i->name, true);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify UID " UID_FMT ": %m", i->uid);
|
return log_error_errno(r, "Failed to verify uid " UID_FMT ": %m", i->uid);
|
||||||
else if (r > 0)
|
else if (r > 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -1156,16 +1120,16 @@ static int add_user(Item *i) {
|
|||||||
|
|
||||||
r = ordered_hashmap_ensure_put(&todo_uids, NULL, UID_TO_PTR(i->uid), i);
|
r = ordered_hashmap_ensure_put(&todo_uids, NULL, UID_TO_PTR(i->uid), i);
|
||||||
if (r == -EEXIST)
|
if (r == -EEXIST)
|
||||||
return log_error_errno(r, "Requested user %s with UID " UID_FMT " and gid" GID_FMT " to be created is duplicated "
|
return log_error_errno(r, "Requested user %s with uid " UID_FMT " and gid" GID_FMT " to be created is duplicated "
|
||||||
"or conflicts with another user.", i->name, i->uid, i->gid);
|
"or conflicts with another user.", i->name, i->uid, i->gid);
|
||||||
if (r == -ENOMEM)
|
if (r == -ENOMEM)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to store user %s with UID " UID_FMT " and GID " GID_FMT " to be created: %m",
|
return log_error_errno(r, "Failed to store user %s with uid " UID_FMT " and gid " GID_FMT " to be created: %m",
|
||||||
i->name, i->uid, i->gid);
|
i->name, i->uid, i->gid);
|
||||||
|
|
||||||
i->todo_user = true;
|
i->todo_user = true;
|
||||||
log_info("Creating user '%s' (%s) with UID " UID_FMT " and GID " GID_FMT ".",
|
log_info("Creating user %s (%s) with uid " UID_FMT " and gid " GID_FMT ".",
|
||||||
i->name, strna(i->description), i->uid, i->gid);
|
i->name, strna(i->description), i->uid, i->gid);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -1250,15 +1214,15 @@ static int add_group(Item *i) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Try to use the suggested numeric GID */
|
/* Try to use the suggested numeric gid */
|
||||||
if (i->gid_set) {
|
if (i->gid_set) {
|
||||||
r = gid_is_ok(i->gid);
|
r = gid_is_ok(i->gid);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
|
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
|
||||||
if (i->id_set_strict) {
|
if (i->id_set_strict) {
|
||||||
/* If we require the GID to already exist we can return here:
|
/* If we require the gid to already exist we can return here:
|
||||||
* r > 0: means the GID does not exist -> fail
|
* r > 0: means the gid does not exist -> fail
|
||||||
* r == 0: means the GID exists -> nothing more to do.
|
* r == 0: means the gid exists -> nothing more to do.
|
||||||
*/
|
*/
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
||||||
@ -1268,7 +1232,7 @@ static int add_group(Item *i) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (r == 0) {
|
if (r == 0) {
|
||||||
log_info("Suggested group ID " GID_FMT " for %s already used.", i->gid, i->name);
|
log_debug("Suggested group ID " GID_FMT " for %s already used.", i->gid, i->name);
|
||||||
i->gid_set = false;
|
i->gid_set = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1277,7 +1241,7 @@ static int add_group(Item *i) {
|
|||||||
if (!i->gid_set && i->uid_set) {
|
if (!i->gid_set && i->uid_set) {
|
||||||
r = gid_is_ok((gid_t) i->uid);
|
r = gid_is_ok((gid_t) i->uid);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
|
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
|
||||||
if (r > 0) {
|
if (r > 0) {
|
||||||
i->gid = (gid_t) i->uid;
|
i->gid = (gid_t) i->uid;
|
||||||
i->gid_set = true;
|
i->gid_set = true;
|
||||||
@ -1295,7 +1259,7 @@ static int add_group(Item *i) {
|
|||||||
else {
|
else {
|
||||||
r = gid_is_ok(c);
|
r = gid_is_ok(c);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
|
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
|
||||||
else if (r > 0) {
|
else if (r > 0) {
|
||||||
i->gid = c;
|
i->gid = c;
|
||||||
i->gid_set = true;
|
i->gid_set = true;
|
||||||
@ -1317,7 +1281,7 @@ static int add_group(Item *i) {
|
|||||||
|
|
||||||
r = gid_is_ok(search_uid);
|
r = gid_is_ok(search_uid);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to verify GID " GID_FMT ": %m", i->gid);
|
return log_error_errno(r, "Failed to verify gid " GID_FMT ": %m", i->gid);
|
||||||
else if (r > 0)
|
else if (r > 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -1328,14 +1292,14 @@ static int add_group(Item *i) {
|
|||||||
|
|
||||||
r = ordered_hashmap_ensure_put(&todo_gids, NULL, GID_TO_PTR(i->gid), i);
|
r = ordered_hashmap_ensure_put(&todo_gids, NULL, GID_TO_PTR(i->gid), i);
|
||||||
if (r == -EEXIST)
|
if (r == -EEXIST)
|
||||||
return log_error_errno(r, "Requested group %s with GID "GID_FMT " to be created is duplicated or conflicts with another user.", i->name, i->gid);
|
return log_error_errno(r, "Requested group %s with gid "GID_FMT " to be created is duplicated or conflicts with another user.", i->name, i->gid);
|
||||||
if (r == -ENOMEM)
|
if (r == -ENOMEM)
|
||||||
return log_oom();
|
return log_oom();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to store group %s with GID " GID_FMT " to be created: %m", i->name, i->gid);
|
return log_error_errno(r, "Failed to store group %s with gid " GID_FMT " to be created: %m", i->name, i->gid);
|
||||||
|
|
||||||
i->todo_group = true;
|
i->todo_group = true;
|
||||||
log_info("Creating group '%s' with GID " GID_FMT ".", i->name, i->gid);
|
log_info("Creating group %s with gid " GID_FMT ".", i->name, i->gid);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1499,6 +1463,7 @@ static bool item_equal(Item *a, Item *b) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int parse_line(const char *fname, unsigned line, const char *buffer) {
|
static int parse_line(const char *fname, unsigned line, const char *buffer) {
|
||||||
|
|
||||||
_cleanup_free_ char *action = NULL,
|
_cleanup_free_ char *action = NULL,
|
||||||
*name = NULL, *resolved_name = NULL,
|
*name = NULL, *resolved_name = NULL,
|
||||||
*id = NULL, *resolved_id = NULL,
|
*id = NULL, *resolved_id = NULL,
|
||||||
@ -1763,9 +1728,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
|
|||||||
if (existing) {
|
if (existing) {
|
||||||
/* Two identical items are fine */
|
/* Two identical items are fine */
|
||||||
if (!item_equal(existing, i))
|
if (!item_equal(existing, i))
|
||||||
log_warning("%s:%u: conflict with earlier configuration for %s '%s', ignoring line.",
|
log_warning("Two or more conflicting lines for %s configured, ignoring.", i->name);
|
||||||
fname, line,
|
|
||||||
item_type_to_string(i->type), i->name);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1862,7 +1825,6 @@ static int help(void) {
|
|||||||
" --root=PATH Operate on an alternate filesystem root\n"
|
" --root=PATH Operate on an alternate filesystem root\n"
|
||||||
" --image=PATH Operate on disk image as filesystem root\n"
|
" --image=PATH Operate on disk image as filesystem root\n"
|
||||||
" --replace=PATH Treat arguments as replacement for PATH\n"
|
" --replace=PATH Treat arguments as replacement for PATH\n"
|
||||||
" --dry-run Just print what would be done\n"
|
|
||||||
" --inline Treat arguments as configuration lines\n"
|
" --inline Treat arguments as configuration lines\n"
|
||||||
" --no-pager Do not pipe output into a pager\n"
|
" --no-pager Do not pipe output into a pager\n"
|
||||||
"\nSee the %s for details.\n",
|
"\nSee the %s for details.\n",
|
||||||
@ -1880,7 +1842,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
ARG_ROOT,
|
ARG_ROOT,
|
||||||
ARG_IMAGE,
|
ARG_IMAGE,
|
||||||
ARG_REPLACE,
|
ARG_REPLACE,
|
||||||
ARG_DRY_RUN,
|
|
||||||
ARG_INLINE,
|
ARG_INLINE,
|
||||||
ARG_NO_PAGER,
|
ARG_NO_PAGER,
|
||||||
};
|
};
|
||||||
@ -1892,7 +1853,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
{ "root", required_argument, NULL, ARG_ROOT },
|
{ "root", required_argument, NULL, ARG_ROOT },
|
||||||
{ "image", required_argument, NULL, ARG_IMAGE },
|
{ "image", required_argument, NULL, ARG_IMAGE },
|
||||||
{ "replace", required_argument, NULL, ARG_REPLACE },
|
{ "replace", required_argument, NULL, ARG_REPLACE },
|
||||||
{ "dry-run", no_argument, NULL, ARG_DRY_RUN },
|
|
||||||
{ "inline", no_argument, NULL, ARG_INLINE },
|
{ "inline", no_argument, NULL, ARG_INLINE },
|
||||||
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
|
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
|
||||||
{}
|
{}
|
||||||
@ -1943,10 +1903,6 @@ static int parse_argv(int argc, char *argv[]) {
|
|||||||
arg_replace = optarg;
|
arg_replace = optarg;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case ARG_DRY_RUN:
|
|
||||||
arg_dry_run = true;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ARG_INLINE:
|
case ARG_INLINE:
|
||||||
arg_inline = true;
|
arg_inline = true;
|
||||||
break;
|
break;
|
||||||
@ -2105,7 +2061,7 @@ static int run(int argc, char *argv[]) {
|
|||||||
login_defs_need_warning = true;
|
login_defs_need_warning = true;
|
||||||
|
|
||||||
/* We pick a range that very conservative: we look at compiled-in maximum and the value in
|
/* We pick a range that very conservative: we look at compiled-in maximum and the value in
|
||||||
* /etc/login.defs. That way the UIDs/GIDs which we allocate will be interpreted correctly,
|
* /etc/login.defs. That way the uids/gids which we allocate will be interpreted correctly,
|
||||||
* even if /etc/login.defs is removed later. (The bottom bound doesn't matter much, since
|
* even if /etc/login.defs is removed later. (The bottom bound doesn't matter much, since
|
||||||
* it's only used during allocation, so we use the configured value directly). */
|
* it's only used during allocation, so we use the configured value directly). */
|
||||||
uid_t begin = login_defs.system_alloc_uid_min,
|
uid_t begin = login_defs.system_alloc_uid_min,
|
||||||
@ -2121,11 +2077,9 @@ static int run(int argc, char *argv[]) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
if (!arg_dry_run) {
|
|
||||||
lock = take_etc_passwd_lock(arg_root);
|
lock = take_etc_passwd_lock(arg_root);
|
||||||
if (lock < 0)
|
if (lock < 0)
|
||||||
return log_error_errno(lock, "Failed to take /etc/passwd lock: %m");
|
return log_error_errno(lock, "Failed to take /etc/passwd lock: %m");
|
||||||
}
|
|
||||||
|
|
||||||
r = load_user_database();
|
r = load_user_database();
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user