Compare commits

..

161 Commits

Author SHA1 Message Date
talisein 1bdbe714ec
Merge 353f417f48 into c946b13575 2024-11-22 20:19:12 +01:00
Christian Hesse c946b13575 link README.logs from tmpfiles.d/legacy.conf only if available
The file README.logs is installed only if SysVInit support is enabled.
Thus the link should depend on it as well.
2024-11-22 18:33:20 +00:00
Lennart Poettering e39cbb1442 varlink: apparently on old kernels SO_PEERPIDFD returns EINVAL 2024-11-23 03:09:49 +09:00
Marco Tomaschett bc4a027f9c
hwdb: add support for PineTab2 to 60-sensor.hwdb (#35304)
Add accelerometer support for PineTab2
2024-11-23 03:08:06 +09:00
Lennart Poettering d209e197f8
userdbctl: two trivial fixlets (#35296)
Fixes: #35294
2024-11-22 16:06:01 +01:00
Antonio Alvarez Feijoo 9ed090230e tpm2-util: fix parameter name 2024-11-22 16:04:16 +01:00
Luca Boccassi 9bf6ffe166
man: split cryptenroll man page into sections (#35297) 2024-11-22 12:01:07 +00:00
Lennart Poettering 47c5ca237b userdbctl: respect selected disposition also when showing gid boundaries
Follow-up for: ad5de3222f
2024-11-22 11:28:30 +01:00
Lennart Poettering 7f8a4f12df userdbctl: fix counting
Fixes: #35294
2024-11-22 11:28:28 +01:00
Lennart Poettering e412fc5e04 userbdctl: show 'mapped' user range only inside of userns
Outside of userns the concept makes no sense, there cannot be users
mapped from further outside.
2024-11-22 11:28:17 +01:00
Lennart Poettering cc6baba720 cryptenroll: it's called PKCS#11, not PKCS11
In the --help text we really should use the official spelling, just like
in the man page.
2024-11-22 10:42:37 +01:00
Lennart Poettering 3ae48d071c man: add enrollment type sections to cryptenroll man page
We have the same sections in the --help text, hence we even more so
should have them in the man page.
2024-11-22 10:42:37 +01:00
Antonio Alvarez Feijoo 2ccacdd57c bash-completion: add --list-devices to systemd-cryptenroll
And also use it to list suitable block devices.
2024-11-22 10:38:19 +01:00
Yu Watanabe d99198819c core/service: service_add_fd_store() consumes passed fd
Without this change, the fd is closed twice on failure.

Fixes a bug introduced by dff9808a62.

Fixes #35288.
2024-11-22 04:15:51 +01:00
Tobias Zimmermann f70e5620b6 hwdb: Add quirk for Logitech MX Keys for Mac
The KEY_102ND and KEY_GRAVE keys are switched on the
Logitech MX Keys for Mac, so switch them back
2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek 3127c71bf4
Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278) 2024-11-21 21:13:50 +01:00
Yuri Chornoivan b153eebfb2 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-22 05:02:16 +09:00
Zbigniew Jędrzejewski-Szmek 2c06e40ae9 tmpfiles: add period at end of the sentence
The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.
2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek 5ca9149464 tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
That file contains a bunch of entries of which only some are related to SysV.
The rest are just "traditional APIs" that need to stay. In particular,
/var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl).
Similarly, the README about /var/log is something that should stay as long as
we have people migrating from older systems or using the copiuos documentation
that mentions /var/log/messages.txt on the Internet.

/var/lock/subsys is only used by sysvinit, and our code to support /forcefsck,
/fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so
conditionalize those here on HAVE_SYSV_COMPAT too.
2024-11-21 18:32:46 +01:00
Luca Boccassi b7eefa1996 cgroup-util: fix memory leak on error
CID#1565824

Follow-up for f6793bbcf0
2024-11-21 14:02:34 +09:00
Luca Boccassi 2e5b0412f9
network: update state files before replying bus method (#35255)
Follow-up for 2b07a3211b.

Fixes the failure found in
https://autopkgtest.ubuntu.com/results/autopkgtest-noble-upstream-systemd-ci-systemd-ci/noble/amd64/s/systemd-upstream/20241115_182040_92382@/log.gz
. Relevant logs:
```
Nov 16 02:48:36 systemd-networkd[2706]: veth99: Reconfiguring with /run/systemd/network/25-dhcp-client-ipv6-only.network.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Started IPv6 Router Solicitation client
Nov 16 02:48:36 systemd-networkd[2706]: veth99: IPv6 Router Discovery is configured and started.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Sent Router Solicitation, next solicitation in 3s
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Received Router Advertisement from fe80::1034:56ff:fe78:9abd: flags=0xc0(managed, other), preference=medium, lifetime=30min
Nov 16 02:48:36 systemd-networkd[2706]: veth99: NDISC: Invoking callback for 'router' event.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: link_check_ready(): dynamic addressing protocols are enabled but none of them finished yet.
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: Starting in Solicit mode
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: State changed: stopped -> solicitation
Nov 16 02:48:36 systemd-networkd[2706]: veth99: Acquiring DHCPv6 lease on NDisc request
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: Sent Solicit
Nov 16 02:48:36 systemd-networkd[2706]: veth99: DHCPv6 client: Next retransmission in 1s
Nov 16 02:48:37 systemd-networkd[2706]: veth99: DHCPv6 client: Sent Solicit
Nov 16 02:48:37 systemd-networkd[2706]: veth99: DHCPv6 client: Next retransmission in 1s
Nov 16 02:48:39 systemd-networkd[2706]: veth99: NDISC: Received Neighbor Advertisement from fe80::1034:56ff:fe78:9abd: Router=yes, Solicited=yes, Override=no
Nov 16 02:48:39 systemd-networkd[2706]: veth99: NDISC: Invoking callback for 'neighbor' event.
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: Processed Reply message
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: T1 expires in 50s
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: T2 expires in 55s
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: Valid lifetime expires in 2min
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 client: State changed: solicitation -> bound
Nov 16 02:48:39 systemd-networkd[2706]: veth99: DHCPv6 address 2600::15/128 (valid for 1min 59s, preferred for 1min 59s)
Nov 16 02:48:41 systemd-networkd[2706]: veth99: Received updated DHCPv6 address (configured): 2600::15/128 (valid for 1min 58s, preferred for 1min 58s), flags: no-prefixroute, scope: global
Nov 16 02:48:41 systemd-networkd[2706]: veth99: DHCPv6 addresses and routes set.
Nov 16 02:48:41 systemd-networkd[2706]: veth99: link_check_ready(): IPv4LL:no DHCPv4:no DHCPv6:yes DHCP-PD:no NDisc:no
Nov 16 02:48:41 systemd-networkd[2706]: veth99: State changed: configuring -> configured
```
The interface veth99 entered the configured state after 5 seconds, but
at the same time, the `wait_online()` in the test script considered the
test failed.
The function `wait_online()` first invokes
`systemd-networkd-wait-online` with `--timeout=20`, then check setup
states of interfaces with 5 seconds timeout. So, the failure suggests
that `systemd-networkd-wait-online` finishes immediately, as the state
file was not updated when it is invoked, and thus it handles the
interface veth99 already in the configured state.
2024-11-20 23:36:35 +00:00
Martin Srebotnjak 69af4849aa po: Translated using Weblate (Slovenian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Martin Srebotnjak <miles@filmsi.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/sl/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Jiri Grönroos 18d4e0be89 po: Translated using Weblate (Finnish)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Jiri Grönroos <jiri.gronroos@iki.fi>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fi/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Dmytro Markevych 7d7b89a015 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Dmytro Markevych <hotr1pak@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Léane GRASSER 8a92365f79 po: Translated using Weblate (French)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Léane GRASSER <leane.grasser@proton.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
Translation: systemd/main
2024-11-21 04:17:08 +09:00
Yu Watanabe 2b397d43ab test-network: actually check metric and preference
Otherwise, nexthop ID may contain e.g. 300, then
===
AssertionError: '300' unexpectedly found in
'default nhid 3860882700 via fe80::1034:56ff:fe78:9a99 proto ra metric 512 expires 1798sec pref high\n
 default nhid 2639230080 via fe80::1034:56ff:fe78:9a98 proto ra metric 2048 expires 1798sec pref low'
===
2024-11-21 03:43:35 +09:00
Yu Watanabe 9ad294efd0 network: update state files before replying bus method
Follow-up for 2b07a3211b.
2024-11-21 03:42:06 +09:00
Lennart Poettering f6793bbcf0 killall: gracefully handle processes inserted into containers via nsenter -a
"nsenter -a" doesn't migrate the specified process into the target
cgroup (it really should). Thus the cgroup will remain in a cgroup
that is (due to cgroup ns) outside our visibility. The kernel will
report the cgroup path of such cgroups as starting with "/../". Detect
that and print a reasonably error message instead of trying to resolve
that.
2024-11-20 18:11:38 +00:00
Mike Yuan f87863a8ff process-util: refuse to operate on remote PidRef
Follow-up for 7e3e540b88
2024-11-20 18:10:26 +00:00
Antonio Alvarez Feijoo 58c3c2886d cryptenroll: fix typo 2024-11-20 18:03:44 +00:00
Daan De Meyer dbbe895807 test-audit-util: Migrate to new assertion macros 2024-11-20 16:48:55 +00:00
Yu Watanabe 52b0351a15
core/exec-invoke: suppress placeholder home only in build_environment() (#35219)
Alternative to https://github.com/systemd/systemd/pull/34789
Closes #34789
2024-11-20 17:34:25 +09:00
Luca Boccassi fe077a1a58 units: add initrd directory to list of conditions for systemd-confext
systemd-sysext has the same check, but it was forgotten for confexts.
Needed to activate confexts from the ESP in the initrd.
2024-11-20 09:12:24 +01:00
Xuanjun Wen a526b9ddfc hwdb: add new Cube Mix Plus (i18D) rotation info
Added rotation information for the new version of Cube Mix Plus (i18D).
2024-11-20 05:23:34 +09:00
Mike Yuan 804dd670d1
sd-varlink: mark sd_varlink_server_{ref,unref} as _public_ (#35241)
Co-authored-by: Thorsten Kukuk <kukuk@suse.com>
2024-11-20 05:21:15 +09:00
Lennart Poettering d5bb359429
user-record: don't synthesize default list of self-modfiable fields for non-regular users. (#35133)
A follow-up for a192250eda

/cc @AdrianVovk
2024-11-19 14:32:21 +01:00
Antonio Alvarez Feijoo a04d42821b man/kernel-command-line: fix typo 2024-11-19 13:59:11 +01:00
Luca Boccassi 987156769b
network/ndisc: process zero lifetime options at first (#35212)
Fixes two issues reported at #33468.
2024-11-19 12:42:03 +00:00
Antonio Alvarez Feijoo 2b251491de cryptenroll: show better log message if slot to wipe does not exist
```
$ systemd-cryptenroll /dev/vda3
SLOT TYPE
   0 password
$ systemd-cryptenroll --wipe-slot 1 /dev/vda3
Failed to wipe slot 1, continuing: No such file or directory
```
2024-11-19 12:00:50 +01:00
Lennart Poettering 12b06fef7a update TODO 2024-11-19 11:03:16 +01:00
Yaron Shahrabani dd7bc02ee6 po: Translated using Weblate (Hebrew)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/he/
Translation: systemd/main
2024-11-19 19:01:31 +09:00
Mantas Mikulėnas 2424a67c02 ssh-generator: silence "Binding to socket" messages 2024-11-19 11:00:20 +01:00
Lennart Poettering ebe37f771c user-record: distinguish explicit and implicit empty modifiable lists case
We now distinguish two cases: where the list of self modifiable fields
is explicitly set to empty, and where the default is empty.

Let's display them differently in the output. When set explicitly to
empty let's mention the admin, otherwise just say "none".
2024-11-19 10:15:42 +01:00
Lennart Poettering ac8e381e26 user-record: only synthesize default list of self-modifiable fields for *regular* users
For system users we should lock things down, hence generate an empty
list.

This is mostly a safety precaution, but also hides really confusing
output of "userdbctl user" for an system user.

Follow-up for: a192250eda
2024-11-19 10:15:40 +01:00
Zbigniew Jędrzejewski-Szmek 574a04f62a
test: fix generate-sym-test using the wrong array (#35185)
For my understanding bsearch is searching in the wrong array. Or, if
it's the right one, then the size is wrong. In another commit I made the
arrays different by mistake and that triggered a SIGSEV during tests.
2024-11-19 10:15:18 +01:00
Lennart Poettering ec97125a7e vmspawn: enable memory pressure logic for vmspawn 2024-11-19 10:12:03 +01:00
Lennart Poettering 54646b1ca9 systemctl: grey out tasks limit the same way we grey out the fd store limit in the output
"systemctl status systemd-logind" otherwise looks a bit weird, since the
tasks and the fdstore lines are so close to each other but formatted
quite differently when it comes to coloring.
2024-11-19 10:11:49 +01:00
Federico Giovanardi 0c851a58f7 style: Fix formatting 2024-11-19 09:55:07 +01:00
Mike Yuan b718b86e1b
core/exec-invoke: suppress placeholder home only in build_environment()
Currently, get_fixed_user() employs USER_CREDS_SUPPRESS_PLACEHOLDER,
meaning home path is set to NULL if it's empty or root. However,
the path is also used for applying WorkingDirectory=~, and we'd
spuriously use the invoking user's home as fallback even if
User= is changed in that case.

Let's instead delegate such suppression to build_environment(),
so that home is proper initialized for usage at other steps.
shell doesn't actually suffer from such problem, but it's changed
too for consistency.

Alternative to #34789
2024-11-19 00:38:18 +01:00
Mike Yuan d911778877
core/exec-invoke: minor cleanup for apply_working_directory() error handling
Assign exit_status at the same site where error log is emitted,
for readability.
2024-11-19 00:38:18 +01:00
Mike Yuan eea9d3eb10
basic/user-util: split out placeholder suppression from USER_CREDS_CLEAN into its own flag
No functional change, preparation for later commits.
2024-11-19 00:38:18 +01:00
Mike Yuan 579ce77ead
basic/user-util: introduce shell_is_placeholder() helper 2024-11-19 00:38:18 +01:00
Daan De Meyer 70bb29db62 mkosi: Enable clangd execution for all distributions 2024-11-18 23:21:24 +00:00
Lennart Poettering cc74edd861 update TODO 2024-11-18 23:50:04 +01:00
Yu Watanabe c295b558bf test-network: add test case for IPv6 Core Conformance test v6LC.2.2.23 2024-11-19 04:48:39 +09:00
Yu Watanabe 16ccdc3748 test-network: split out check_router_preference() from test_router_preference()
This also drop high2.network and low2.network, and edit high.network and
low.network during the test.
2024-11-19 04:44:59 +09:00
Yu Watanabe 25688f8d5a network/ndisc: first process options with zero lifetime
Fixes IPv6 Core Conformance test failures reported at #33468.
https://www.ipv6ready.org/docs/Core_Conformance.pdf
Test v6LC.2.2.23 h and j: Processing Router Advertisement with Route
Information Option (Host Only)

When a RA contains route option with ::/0 prefix, then previously that
may contradict with the default route requested with the RA header.
If the route option has zero lifetime, the existing default route should
be removed, and a new route based on the RA header should be configured.
If the route option has non-zero lifetime, the RA header should be
ignored.

So, we first need to process options with zero lifetime (not only
route option, as the similar reasons), then configure the default route
based on the RA, finally process options with non-zero lifetime.
2024-11-19 04:04:14 +09:00
Yu Watanabe cb3243460b network/ndisc: sd_ndisc_router_route_get_preference() does not return -EOPNOTSUPP anymore 2024-11-19 04:04:14 +09:00
Yu Watanabe c8ddd5ff72 ndisc-option: use memcpy_safe() at one more place
As 'len' may be 8.

Follow-up for a163404cc8.
2024-11-19 04:04:14 +09:00
Zbigniew Jędrzejewski-Szmek 5e7e4e4d49 ukify: fix parsing of SignTool configuration option
This partially reverts 02eabaffe9.
As noted in https://github.com/systemd/systemd/pull/35211:
> The configuration parsing simply stores the string as-is, rather than
> creating the appropriate object

One way to fix the issue would be to store the "appropriate object", i.e.
actually the class. But that makes the code very verbose, with the conversion
being done in two places. And that still doesn't fix the issue, because we need
to map the class objects back to the original name in error messages.

So instead, store the setting as a string and only map it to the class much
later. This makes the code simpler and fixes the error messages too.

Resolves https://github.com/systemd/systemd/pull/35193
2024-11-18 14:58:41 +00:00
Yu Watanabe 4d9cac56db man: fix copy-and-paste error
Follow-up for 85a1360ecf.
2024-11-18 15:18:26 +09:00
Yu Watanabe 85a1360ecf man: add several future version info tags 2024-11-18 15:04:17 +09:00
Yu Watanabe ec0847f8fb po: update Japanese translations 2024-11-18 13:01:34 +09:00
Yu Watanabe efb158a11b network/netdev: fix typo
Follow-up for 09db410606.
2024-11-18 12:53:21 +09:00
Michał Górny 7fd70a5326 nspawn: Include arm_fadvise64_64 in syscall allow_list
Add the `arm_fadvise64_64` syscall to the allow_list, in addition
to the existing `fadvise64` and `fadvise64_64` syscalls, as this is
the syscall actually defined for `arm` architecture.  Adding it fixes
the syscall being rejected in arm32 containers.

Fixes #35194
2024-11-18 11:43:35 +09:00
Yaron Shahrabani 2b60615a41 po: Translated using Weblate (Hebrew)
Currently translated at 89.1% (229 of 257 strings)

Co-authored-by: Yaron Shahrabani <sh.yaron@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/he/
Translation: systemd/main
2024-11-18 01:17:40 +09:00
Weblate Translation Memory d0ac6be44b po: Translated using Weblate (German)
Currently translated at 95.7% (246 of 257 strings)

Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-18 01:17:40 +09:00
Ettore Atalan 6b5ce5d6cc po: Translated using Weblate (German)
Currently translated at 95.7% (246 of 257 strings)

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-18 01:17:40 +09:00
Sergey A 033ee241b7 po: Translated using Weblate (Russian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Sergey A <Ser82-png@yandex.ru>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/ru/
Translation: systemd/main
2024-11-17 15:50:36 +00:00
Luca Boccassi 72cfd2def6
mkosi: Update packaging specs (#35196) 2024-11-17 15:49:24 +00:00
Daan De Meyer ac2cdd8d09 mkosi: update debian commit reference
* 51cd22f368 Update changelog for 257~rc2-3 release
* 5308c3b905 Backport patch to remove faulty unit test assertion
* b7d805151b Update changelog for 257~rc2-2 release
* 5afc23b288 Backport patch to fix FTBFS due to failing unit test
* 0ca89ce40c Update changelog for 257~rc2-1 release
* f27216d493 Update lintian override to ignore false positive typos
* 2caa74f473 d/rules: adjust blhc override to account for source files being moved
* 6b48328ead systemd-ukify: recommend systemd-repart
* 5e01b67f43 systemd-ukify: downgrade dependency on systemd, not mandatory
* 3a4dd59e41 Install new systemd-keyutil binary in the systemd-repart package
* e64cffab71 Drop all patches, merged upstream
* 0fcef228c7 Update upstream source from tag 'upstream/257_rc2'
* a01322bb29 d/t/control: add more packages to dummy hint-testsuite-triggers
2024-11-17 13:00:59 +01:00
Daan De Meyer 59cd621733 mkosi: update fedora commit reference
* 7bd1d09f7f Change sysusers u! lines to u because we don't have support in rpm
* 943bd94cf6 Version 257~rc2
* 6162965002 Disable freezing of user sessions
* 0c236cedb9 Upload sources
* ea947ce068 Version 257~rc1
* 834ba50e79 Use %posttrans instead of %postun to restart services
* 8dafa3810b Disable OpenSSL v3 ENGINE on RHEL
* 8f44e8097d Add forgotten patch
* 86ca699d18 Backport user manager reexec changes
* 009c64d6a2 Use %systemd_preun in systemd-resolved
2024-11-17 13:00:57 +01:00
Daan De Meyer c36a963956 mkosi: update arch commit reference
* 29a73017cd upgpkg: 256.8-1: new upstream release
* cda4f7b35e add a hint on my personal testing repository
2024-11-17 13:00:55 +01:00
Luca Boccassi 248eeec612 meson: update version 2024-11-15 19:16:58 +00:00
Luca Boccassi a66fd4ac9f NEWS: update date 2024-11-15 19:16:47 +00:00
anonymix007 61d6075775 ukify: Use new .hwids PE section format 2024-11-15 19:15:30 +00:00
Daan De Meyer f2ac4458f0 bootctl: Only create loader/keys/auto if required
systemd-boot uses the existance of loader/keys/auto to determine
whether to auto-enroll secure boot or not so only create the directory
if we're actually going to put auto-enroll signature lists in it.
2024-11-15 18:36:53 +00:00
Zbigniew Jędrzejewski-Szmek 10ed6d91cb
Chores for rc2 (#35186) 2024-11-15 18:56:54 +01:00
Luca Boccassi 69cd0f4781 NEWS: update contributors list 2024-11-15 17:26:07 +00:00
Luca Boccassi 7751bfb179 NEWS: systemd-keyutil, --certificate-source, --certificate-provider 2024-11-15 17:25:29 +00:00
Luca Boccassi d182ada2c2 Update hwdb
ninja -C build update-hwdb
2024-11-15 17:17:47 +00:00
Federico Giovanardi 55980446c3 test: fix generate-sym-test using the wrong array
The second check was searching the symbols into the same array, but
using the size of the other. This generated a SIGSEV when they
occassionally mismatched.
2024-11-15 17:12:42 +01:00
Frantisek Sumsal 238ddac165 test: ignore inconsistent coverage errors
lcov 2.1 introduced additional consistency checks [0] which make it trip
over our coverage results quite often:

Summary coverage rate:
  source files: 915
  lines.......: 36.9% (78950 of 214010 lines)
  functions...: 53.3% (6906 of 12949 functions)
Message summary:
  73 warning messages:
    inconsistent: 73
lcov: ERROR: (corrupt) unable to read trace file '/var/tmp/systemd-test-TEST-04-JOURNAL/coverage-info.new': lcov: ERROR: (inconsistent) "/build/src/shutdown/umount.c":298: function 'umount_with_timeout' is not hit but line 317 is.
        To skip consistency checks, see the 'check_data_consistency' section in man lcovrc(5).
        (use "lcov --ignore-errors inconsistent ..." to bypass this error)
        (use "lcov --ignore-errors corrupt ..." to bypass this error)

This is caused by coverage collected during shutdown which is a bit
unreliable, especially towards the final shutdown stage(s). Let's just
ignore the consistency errors for now.

[0] https://github.com/linux-test-project/lcov/releases/tag/v2.2
2024-11-15 15:54:28 +00:00
Lennart Poettering be6e599935 boot: make .hwids PE section more flexible to cover more than DT one day
The proposal in https://github.com/systemd/systemd/pull/35091 suggests
that there are going to be more resources sooner or later that shall be
embeddable in a UKI, but are specific to some machine. The .hwids logic
as it is implemented right now is conceptually flexible enough to cover
that too (as long as the system has SMBIOS and thus CHIDs). Hence, let's
prepare the ground for a future (that might possibly never come, but
let's keep the door open) where the section can be reused for this
purpose.

The patch is really dumb ultimately. it just changes the initial field
in the "Device" struct to carry not just the size of it (as before) but
also a type indicator, that is for now fixed to 1, indicating DT blobs.

This breaks compatibility, hence this should get merged before we do the
v257 release, so that this is done properly before the first release
with .hwids.
2024-11-15 15:40:43 +00:00
Lennart Poettering bae936b418 nspawn: --private-users-ownership= value is called 'chown', not 'own' 2024-11-15 13:34:59 +00:00
Lennart Poettering 4b20ae9a0e pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary, noone else
We use the $WATCHDOG_USEC variable for two very closely uses: as part of
the sd_watchdog_enabled() protocol for implementing service watchdogs.
And as part of the protocol between the service manager and
systemd-shutdown across the PID 1 execve() transition during shutdown.

Apparently some exitrds tools got confused by the latter use. Let's
address that by setting $WATCHDOG_PID to 1, in accordance to the
sd_watchdog_enabled() protocol to make clear this is only intended for
PID 1 and nothing else.

Replaces: #35135
2024-11-15 13:34:06 +00:00
Daan De Meyer 1a077e05fb Add proper dependencies to ukify target
Also remove the systemd-measure dependency from the mkosi target as
mkosi doesn't invoke systemd-measure itself.
2024-11-15 10:32:24 +00:00
Lennart Poettering 9386bcc2da boot: explain the 4G quirks we apply to initrd memory allocations
Given how long it took to come to a conclusion of the discussions around
https://github.com/systemd/systemd/issues/35026, let's add a comment
that makes this easier to grok for the next time this comes up.

Follow-up for: 6e207b370e
2024-11-15 10:14:17 +00:00
Yu Watanabe dd54e63429 network/nexthop: fix copy-and-paste error
Follow-up for 688f166972.
2024-11-15 10:44:07 +01:00
Luca Boccassi 893aa45886 test: skip TEST-84-STORAGETM if running with bugged libnvme
libnvme 1.11 appears to require a kernel built with NVME TLS
kconfigs, and fails hard if it is not, as the expected
privileged keyring '.nvme' is not present. We cannot just
create it from userspace, as privileged keyrings can only
be created by the kernel itself (those starting with '.').

Skip the test if the library exactly matches this version.

https://github.com/linux-nvme/nvme-cli/issues/2573

Fixes https://github.com/systemd/systemd/issues/35130
2024-11-14 18:00:35 +00:00
Luca Boccassi 32a14422ec
ukify: Support building UKIs with .dtbauto and .hwids sections (#34158)
Stub behavior will be as following:
1. If there are no `.dtbauto` sections then is used `.dtb` if present
2. If there are `.dtbauto` sections and there is at least one matching
(either with the firmware-provided DT or via `.hwids`) then it'll be
used instead of the `.dtb`.

Based on #28959 and [dtbloader](https://github.com/TravMurav/dtbloader)

Closes #28959 
Fixes #31946
2024-11-14 16:26:01 +00:00
Yu Watanabe 3ea89c64c8
nspawn: several follow-ups for recent changes (#35146)
Closes #35116.
2024-11-15 00:12:40 +09:00
Yu Watanabe 360e59ed1c
network/ndisc: fix coalescing of ndisc routes when multiple router exists (#35119)
Fixes #33470.
2024-11-15 00:10:22 +09:00
anonymix007 0333b9d589 ukify: Support building UKIs with a .hwids section
This section contains a predefined set of HWIDs and the corresponding compatibles to be used in dtb matching
2024-11-14 16:42:42 +03:00
anonymix007 fa258f7729 ukify: Support building UKIs with .dtbauto sections 2024-11-14 16:42:35 +03:00
Mike Yuan c8590ad60d process-util: refuse FORK_DETACH + FORK_DEATHSIG_*
There's no synchoronization between the intermediate process
and the double-forked child, and the semantics are not useful.
Refuse such combination.
2024-11-14 12:22:15 +00:00
Mike Yuan 7eaf5ded61 async: block SIGTERM in asynchronous_rm_rf()
See justifications at https://github.com/systemd/systemd/pull/32235#issuecomment-2062327783
2024-11-14 12:21:25 +00:00
Luca Boccassi 6a479f0d63
network/netdev: follow-ups for reloading .netdev files (#34979)
Follow-ups for #34909.
2024-11-14 11:36:26 +00:00
Yu Watanabe a65f008784 TEST-13-NSPAWN: add test case for /dev/net/tun
For issue #35116.
2024-11-14 18:08:50 +09:00
Yu Watanabe 985ea98e7f nspawn: ignore failure in creating /dev/net/tun when --private-network is unspecified
Follow-up for efedb6b0f3.
Closes #35116.
2024-11-14 16:54:06 +09:00
Yu Watanabe a1fcaa1549 nspawn: split out copy_devnode_one() and bind_mount_devnode() from copy_devnodes()
While doing that, even if mknod() failed, we anyway try to fall back to
use bind mount if arg_uid_shift == 0.

Mostly no functional change, just refactoring and preparation for later commit.
2024-11-14 16:54:06 +09:00
Yu Watanabe 330e44e293 nspawn: silence warning about failure in getting fuse version
Follow-up for dc3223919f.

If nspawn is invoked with DevicePolicy= but DeviceAllow= does not
contain /dev/fuse, nspawn will fail to get fuse version with -EPERM.
Let's silence the warning in that case.
2024-11-14 16:54:06 +09:00
andre4ik3 6e207b370e
boot/stub: allocate pages for combined initrds below 4GiB only on x86 (#35149)
Outside of x86, some machines (e.g. Apple silicon, AMD Opteron A1100)
have physical memory mapped above 4GiB, meaning this allocation will
fail, causing the entire boot process to fail on these machines.

This commit makes it so that the below-4GB address space allocation
requirement is only set on x86 platforms, and not on other platforms
(that don't have the specific Linux x86 boot protocol), thereby fixing
boot on those that have no memory mapped below 4GiB in their address
space.

Tested on an Apple silicon M1 laptop and an AMD x86_64 desktop tower.

Fixes: #35026
2024-11-14 13:20:09 +09:00
Yu Watanabe 1507899383
fetch-distro: use git log --first-parent and update debian commit (#35151) 2024-11-14 12:15:38 +09:00
Yu Watanabe 300edfd982
logind-session: be more specific about session_kill() errors, plus minor fixes for sd_bus_error handling (#35150) 2024-11-14 12:04:30 +09:00
Yu Watanabe e06151b494
tmpfiles.d/meson.build: two minor tweaks (#35153) 2024-11-14 12:02:34 +09:00
Yu Watanabe 0f8afaf94d network/ndisc: dynamically configure nexthops when routes with gateway are requested
Previously, when multiple routers send RAs with the same preference,
then the kernel merges routes with the same gateway address:
===
default proto ra metric 1024 expires 595sec pref medium
        nexthop via fe80::200:10ff:fe10:1060 dev enp0s9 weight 1
        nexthop via fe80::200:10ff:fe10:1061 dev enp0s9 weight 1
===
This causes IPv6 Conformance Test v6LC.2.2.11 failure, as reported in #33470.

To avoid the coalescing issue, we can use nexthop, as suggested by Ido Schimmel:
https://lore.kernel.org/netdev/ZytjEINNRmtpadr_@shredder/
> BTW, you can avoid the coalescing problem by using the nexthop API.
> # ip nexthop add id 1 via fe80::200:10ff:fe10:1060 dev enp0s9
> # ip -6 route add default nhid 1 expires 600 proto ra
> # ip nexthop add id 2 via fe80::200:10ff:fe10:1061 dev enp0s9
> # ip -6 route append default nhid 2 expires 600 proto ra
> # ip -6 route
> fe80::/64 dev enp0s9 proto kernel metric 256 pref medium
> default nhid 1 via fe80::200:10ff:fe10:1060 dev enp0s9 proto ra metric 1024 expires 563sec pref medium
> default nhid 2 via fe80::200:10ff:fe10:1061 dev enp0s9 proto ra metric 1024 expires 594sec pref medium

Fixes #33470.

Suggested-by: Ido Schimmel <idosch@idosch.org>
2024-11-14 11:59:59 +09:00
Yu Watanabe ae2ffddcfc network/nexthop: serialize/deserialize nexthops 2024-11-14 11:59:59 +09:00
Yu Watanabe b5b42b516e network/nexthop: preparation for dynamically configuring nexthops
Preparation for later commits.
2024-11-14 11:59:59 +09:00
Yu Watanabe bdc6edbdab
network: serialize and deserialize current configuration (#34989)
Replaces #34963.

Fixes #26602.
Fixes #32569.
2024-11-14 11:59:44 +09:00
Yu Watanabe bbef21e4e5 test-network: update KeepConfiguration=dhcp -> dynamic 2024-11-14 10:24:27 +09:00
Yu Watanabe c8a7c81427 man/network: update documentation for KeepConfiguration= 2024-11-14 10:24:24 +09:00
Yu Watanabe 80a89d1ad5 network: rename KeepConfiguration=dhcp -> dynamic
KeepConfiguration=dhcp keeps not only DHCP configurations but
also SLAAC or IPV4LL. Let's rename the value to 'dynamic'.
2024-11-14 10:23:09 +09:00
Yu Watanabe d13ce4ea0d network/ipv4ll: use a foreign IPv4LL address when KeepConfiguration=dhcp
This is similar to what we do for DHCPv4 address, but for IPv4LL
address.
2024-11-14 10:23:01 +09:00
Yu Watanabe 4eca221ab8 network: keep all dynamically acquired configurations when KeepConfiguration=dhcp-on-stop
By the previous commit, configuration source of addresses and routes are
saved on stop and restored on start. Hence, we can keep dynamic
configurations on stop.

Co-authored-by: Jian Zhang <zhangjian.3032@bytedance.com>
2024-11-14 10:21:58 +09:00
Yu Watanabe c321d332e3 network: introduce manager_serialize()/deserialize()
Currently, only configuration sources and providers of addresses and
routes are serialized/deserialized.
This should mostly not change behavior, as dynamic (except for DHCPv4)
configurations will be dropped before stopping networkd, and for DHCPv4
protocol, we have already had another logic to handle DHCPv4
configurations.
Preparation for later commits.
2024-11-14 10:21:55 +09:00
Yu Watanabe f1ca3479ec networkd-test.py: show current status when wait-online failed
For easier debugging on failure.
2024-11-14 10:17:19 +09:00
Yu Watanabe 5b73edfa7f test-network: add tests for reloading .netdev files for independent netdevs 2024-11-14 10:17:19 +09:00
Yu Watanabe 34e5440fb2 network/tuntap: manage tun/tap fds by manager
Otherwise, when a .netdev file for tun or tap netdev is updated,
reloading the file leaks the previous file descriptor.
2024-11-14 10:17:19 +09:00
Yu Watanabe 69bd661a2d network/bond: do not update several parameters if already up or has slaves
Some bonding parameters cannot be updated when the netdev is already up
or already has at least one slave interface.
2024-11-14 10:17:19 +09:00
Yu Watanabe 422b7c857c network/netdev: do not try to update if not supported
Some netdevs cannot update there properties after created.
Let's skip requests in that case.
2024-11-14 10:17:19 +09:00
Yu Watanabe f264cd2037 network/netdev: fix counter handling if request is cancelled
Follow-up for 1003093604.

If a netdev is detached for some reasons, then previously the request
was simply cancelled, and the underlying interface never enter the
configured state, as the 'stacked_netdevs_created' flag never set.

This makes the counter decremented manually by the function, and set the
flag. So, the underlying interface can eter the configured state.
2024-11-14 10:17:19 +09:00
Yu Watanabe 259125d53d network/netdev: always queue request of creating netdev then process it later
After PR #34909, networkd tries to update an existing netdev interface if
possible. But, when .netdev files are loaded on start, we have not
enumerate interfaces, so we do not know if the corresponding interface
exists or not. Let's delay processing request a bit.
2024-11-14 10:17:19 +09:00
Yu Watanabe b0d2ce8342 network/netdev: enter ready state only when it is created by us
Follow-up for PR #34909.

This fixes an issue that network interfaces cannot join a master netdev,
like bond or bridge, when the corresponding .netdev is reloaded.

With PR #34909, networkd supports reloading .netdev files. However,
When a .netdev file is modified and reloaded, ifindex is copied from
the old NetDev object to the new one. Thus, even if the interface is
successfully updated, netdev_set_ifindex_impl() will return 0 and
netdev_enter_ready() will never called. If the netdev is a kind of
master netdev, then port interfaces cannot join the master netdev,
as REQUEST_TYPE_SET_LINK_MASTER requires that the master netdev is
in the ready state.
2024-11-14 10:17:19 +09:00
Yu Watanabe 09db410606 network/netdev: do not update MAC address if netdev is already running
Follow-up for 17c5337f7b.

Older kernels (older than v6.5) refuse RTM_NEWLINK messages with IFLA_ADDRESS
attribute when the netdev already exists and is running, even if the MAC
address is unchanged.

So, let's not set IFLA_ADDRESS or IFLA_MTU if they are unchanged, and
set the attributes only when we can update them.
2024-11-14 10:15:44 +09:00
Yu Watanabe ab6d427547 network/netdev: set interface name only when creating a new netdev
Otherwise, the kernel older than v6.2 will refuse the netlink message.
2024-11-14 10:01:42 +09:00
Mike Yuan 5b8b32cb09
tmpfiles.d/meson: remove the need of specifying empty condition 2024-11-13 22:51:28 +01:00
Mike Yuan 1c03fda52e
tmpfiles.d/meson: call subdir_done() early if tmpfiles is disabled 2024-11-13 22:51:27 +01:00
Luca Boccassi 1bc3095de8 mkosi: update debian commit reference
* 48fabbd5d2 Install new sd-keyutil binary in sd-repart package
* 6dd9ab10fe Update changelog for 257~rc1-4 release
* 6dd325f04b Backport patch to fix TEST-07-PID1 integration test
* 5988cc60ee Update changelog for 257~rc1-3 release
* cf3a2f7ccc Backport another patch to fix test failure on buildd
* 5d6a226dbb Update changelog for 257~rc1-2 release
* ebe97c52c8 Backport patch to fix unit test failure on buildd
* 21f63b20bb Update changelog for 257~rc1-1 release
* 0dfec51bbb d/copyright: remove pattern for directory that is no longer present
* 337b3bb2dd Ignore Lintian warning dh-exec-script-without-dh-exec-features
* b680e6b448 List new libsystemd0 symbols
* 3c00aa000c gbp.conf: use --first-parent for dch to avoid upstream commits
* d53ecc7769 Install new files
* 546e8c9137 Drop all patches, merged upstream
* 6757597480 Update upstream source from tag 'upstream/257_rc1'
* 4b82805020 gbp.conf: switch upstream branch to full upstream history
* e60c637a95 gbp.conf: enable signing tags by default
* 2ad27b63c4 Update changelog for 256.7-3 release
* a212c36c54 systemd-boot: provide integration with shim
2024-11-13 17:03:45 +00:00
Luca Boccassi d9822cd859 fetch-distro: use git log --first-parent
We now import the upstream tag in the debian repository, so
this explodes as it tries to walk all upstream commits. Use
--first-parent so that merges only get added via the merge
commit.
2024-11-13 17:03:35 +00:00
Mike Yuan 9c6dc69f3e
logind-session: be more specific about session_kill() errors
When kill_whom == _ALL, there can be two cases that lead to
ESRCH: the session expects no scope at all or the scope is
not active. Let's distinguish the two cases.
2024-11-13 17:49:07 +01:00
Mike Yuan 2f2058da0b
portable: do not use SYNTHETIC_ERRNO for sd_bus_error_set_errno()
The concept of synthetic errnos is about logging, which
is irrelevant irt bus error and we don't do any special
treatment in sd-bus for them, meaning the value propagated
would be spurious.
2024-11-13 17:47:11 +01:00
Mike Yuan 46f2dd800f
sd-bus/bus-common-errors: reorder one pid1 error to group with others 2024-11-13 17:27:10 +01:00
Lennart Poettering 9466fe014f namespace-util: pin pid via pidfd during namespace_open() 2024-11-13 14:18:05 +00:00
Luca Boccassi 4efc556211
network/ndisc: fix removal of unnecessary routes (#35128)
Follow-up for 972f1d17ab.

This fixes the logic of removing unnecessary routes configured by the
previously received RAs. Previously, we wrongly handled existing routes
could be updated, and unexpected routes would be kept.
2024-11-13 14:06:21 +00:00
Yu Watanabe b4dc8b6415
sd-boot/sd-stub: two log message fixes (#35143)
Fixes: #35033
Fixes: #35100
2024-11-13 10:09:05 +09:00
Yu Watanabe d762b14e38
audit-util: return -ENODATA from audit_{session|loginuid}_from_pid() if invoked in a container (#35072)
The auditing subsystem is still not virtualized for containers, hence
the two values don't really make sense inside them, they will just leak
information from outside into the container. Hence don't make use of the
data if we detect we are run inside of a container.

This has visible effects: logind will no longer try to reuse the
auditing session ids as its own session ids when run inside a container.

While are at it, modernize the calls in more ways:

1. switch to pidref behaviour, all but one of our uses are using pidref
anyway already.
2. use read_virtual_file() + proc_mounted()
3. reasonably distinguish ENOENT errors when reading the process proc
files: distinguish the case where /proc is not mounted, from the case
where the process is already gone, from where auditing is not enabled in
the kernel build.
2024-11-13 10:08:29 +09:00
Lennart Poettering ead9ef5027 ptyfwd: ellipsize overly long window titles
Apparently some terminal emulators have problems with overly long
titles, hence truncate them at some safe length (128).

Also, when parsing ANSI sequences ourselves accept longer sequences
(192), after all we should be fine when parsing our own title sequences.

Fixes: #35104
2024-11-13 10:07:25 +09:00
Mike Yuan e2f82f6151 various: check meson feature flag early
Prompted by https://github.com/systemd/systemd/pull/35110#discussion_r1835885340
2024-11-13 08:21:33 +09:00
Lennart Poettering f2b4f19881 pe: use PE_SECTION_VECTOR_IS_SET() macro where appropriate 2024-11-12 23:45:15 +01:00
Lennart Poettering 557d9fd5d1 pe: remove unnecessary log message about DT/HWID
Fixes: #35100
2024-11-12 23:45:14 +01:00
Lennart Poettering 1991ffa912 efi: don't log if EFI RNG isn't ready
Apparently this happens IRL on some systems, let's handle this
gracefully and don't log.

Fixes: #35033
2024-11-12 23:44:59 +01:00
Lennart Poettering c892816ceb run0: when changing privileges to non-root, do not show superhero emoji
Let's show an idcard logo instead, to indicate that we changed ids.
2024-11-12 23:09:21 +01:00
Lennart Poettering 4e0bdf950e dbus-manager: add missing word 'unit' to PK message 2024-11-12 23:09:01 +01:00
Lennart Poettering dcf5e9a6bf
tree-wide: remove some dead code (#35137) 2024-11-12 23:08:45 +01:00
Lennart Poettering 7bf0149e9b process-util: more gracefully handle oom adjust parsing/setting
Who knows what kind of mount shenanigans people employ, let's gracefully
handle parse failures of proc files, like we alway do otherwsie.
2024-11-12 23:03:40 +01:00
Lennart Poettering 68c554f23a audit-util: modernize use_audit() a bit
Use ERRNO_IS_xyz() macros where appropriate.

Also, reduce indentation a bit by inverted early check.

And log in more error codepaths.
2024-11-12 23:03:40 +01:00
Lennart Poettering 7e02ee98d8 audit-util: return -ENODATA from audit_{session|loginuid}_from_pid() if invoked in a container
The auditing subsystem is still not virtualized for containers, hence the two
values don't really make sense inside them, they will just leak
information from outside into the container. Hence don't make use of the
data if we detect we are run inside of a container.

This has visible effects: logind will no longer try to reuse the
auditing session ids as its own session ids when run inside a container.

While are at it, modernize the calls in more ways:

1. switch to pidref behaviour, all but one of our uses are using pidref
   anyway already.
2. use read_virtual_file() + proc_mounted()
3. reasonable distinguish ENOENT errors when reading the process proc
   files: distinguish the case where /proc is not mounted, from the case
   where the process is already gone, from where auditing is not enabled
   in the kernel build.
2024-11-12 23:03:03 +01:00
Davide Cavalca fa8a55a914 mkosi: ruff is not available on all distros
Refactor to only install ruff where it is available
2024-11-12 18:05:17 +00:00
Maanya Goenka 68a2a43c9b
TODO: Fix typo (#35138)
Replace confex with confext
2024-11-12 19:00:23 +01:00
Lennart Poettering 4aaabb55c7 nspawn: fix indentation of run_container() parameter list 2024-11-12 18:31:56 +01:00
Lennart Poettering 9c56a3629f mntwork: shorten code 2024-11-12 18:31:56 +01:00
Lennart Poettering 0557f82650 dissect-image: remove dead code 2024-11-12 18:31:56 +01:00
Lennart Poettering e688097ce3 mountfsd: drop unused variable 2024-11-12 18:31:56 +01:00
Antonio Alvarez Feijoo 2a310c0ad6 sbsign: remove unused --no-pager option 2024-11-12 17:52:48 +01:00
Davide Cavalca f2672f2c5d mkosi: Install tpm2-tss-devel to tools for CentOS and Fedora instead of tss2-devel
tss2-devel is the IBM TPM stack, we want the Intel TPM stack, so let's
use the correct package.
2024-11-12 22:45:25 +09:00
Yu Watanabe d7b323c2dd test-network: several cleanups
- fix verifiers in test_router_preference() to make them actually check
  if unnecessary routes are removed,
- stop radv in test_ndisc_vs_static_route() before checking if the static
  route is preserved even when the router sends a RA with zero lifetime,
- make verifiers in NetworkdIPv6PrefixTests stricter.
2024-11-12 18:08:25 +09:00
Yu Watanabe e2060bc124 network/ndisc: restore the original preference and priority before checking if existing route can be updated
Follow-up for 972f1d17ab.

This fixes the logic of removing unnecessary routes configured by the
previously received RAs. Previously, we wrongly handled existing routes
could be updated, and unexpected routes would be kept.
2024-11-12 18:08:25 +09:00
Yu Watanabe 74e0b590dd network/ndisc: introduce ndisc_route_prepare() and ndisc_router_route_prepare()
These applies common parameters to the route to be requested or removed.
No functional change, just refactoring and preparation for later
commits.
2024-11-12 18:08:25 +09:00
Yu Watanabe 42d9660f10 network/ndisc: several cleanups for ndisc_remove_route()
- drop unnecessary call of ndisc_set_route_priority() at the beginning,
  as it is called later in the loop below,
- use RET_GATHER() and remove all possible routes even if failed.
2024-11-12 18:08:25 +09:00
Yu Watanabe 2437ebee20 network/ndisc: introduce route_is_bound_to_link() helper function and use it where applicable
No functional change, and preparation for later commits.
2024-11-12 18:08:25 +09:00
189 changed files with 105635 additions and 103003 deletions

93
NEWS
View File

@ -399,6 +399,15 @@ CHANGES WITH 257 in spe:
be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs.
* ukify gained a --certificate-provider switch to use an OpenSSL
provider to load the certificate used to sign artifacts, instead of
having to provide the path to a file on disk.
* bootctl, systemd-keyutil, systemd-measure, systemd-repart, and
systemd-sbsign gained a new --certificate-source switch that allows
loading the X.509 certificate from an OpenSSL provider instead of a
file system path.
* systemd-boot's menu will now react to volume up/down rocker presses
the same way as to arrow up/down presses: they move the menu item up
or down. This is useful on device form factors that have only a
@ -437,6 +446,9 @@ CHANGES WITH 257 in spe:
and providers, with pin caching support for PKCS11. ukify supports it
as an alternative to sbsigntool and pesign.
* A new systemd-keyutil tool has been added, that can be used to perform
various operations on private keys and X.509 certificates.
The journal:
* journalctl can now list invocations of a unit with the
@ -752,36 +764,38 @@ CHANGES WITH 257 in spe:
other cases EnterNamespace= might be an suitable approach to acquire
symbolized backtraces.)
Contributions from: A. Wilcox, Abderrahim Kitouni, Adrian Vovk,
Alain Greppin, Allison Karlitskaya, Alyssa Ross, Anders Jonsson,
Andika Triwidada, Andres Beltran, Anouk Ceyssens, Anton Golubev,
Antonio Alvarez Feijoo, Arian van Putten, Arnaud Patard,
Arthur Shau, Bastien Nocera, Benjamin ROBIN, Brenton Simpson,
Bryan Gurney, ButterflyOfFire, Carlo Teubner, Celeste Liu,
Chen Guanqiao, Chen Qi, Chengen Du, Christoph Anton Mitterer,
Colin Foster, Collin L, Cristian Rodríguez, Daan De Meyer,
Dan Nicholson, Daniel Dawson, Daniel Martinez,
Daniel P. Berrangé, Daniel Rusek, Darsey Litzenberger,
David Joaquín Shourabi Porcel, David Michael, David Rheinsberg,
David Tardon, Davide Cavalca, Derek J. Clark, Diego Viola,
Dimitrys Meliates, Diogo Ivo, DocNITE, Dominique Martinet,
Dr. David Alan Gilbert, Edson Juliano Drosdeck, Erik Sjölund,
Etienne Champetier, Etienne Cordonnier, Ettore Atalan,
Eugeny Shcheglov, Fabian Vogt, Filip Lewiński, Florian Schmaus,
Franck Bui, Frantisek Sumsal, Fábio Rodrigues Ribeiro,
Gabriel Elyas, Gaël PORTAY, Giovanni Baratta, Gregor Herburger,
Gregory Arenius, GwynBleidD, Göran Uddeborg, Hans de Goede,
Helmut Grohne, Henry Chen, Ian Abbott, Integral, Ivan Kruglov,
Ivan Shapovalov, James Coglan, James Hilliard, James Muir,
Jason Yundt, Jeffrey Bosboom, Johannes Schneider,
John A. Leuenhagen, Jose Ignacio Tornos Martinez, JoseskVolpe,
Joshua Grisham, Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk,
Karel Zak, Kornilios Kourtis, Kuntal Majumder, Lennart Poettering,
Luca Boccassi, Lucas Adriano Salles, Lucas Werkmeister,
Ludwig Nussel, Luke T. Shumaker, Lukáš Nykrýn, Léane GRASSER,
Maanya Goenka, Mantas Mikulėnas, Marc Reisner, Marcel Hellwig,
Marin Kresic, Marius Hoch, Martin Srebotnjak, Martin Wilck,
Mary Strodl, Matteo Croce, Matthias Lisin, Matthias Schiffer,
Contributions from: 12paper, A. Wilcox, Abderrahim Kitouni,
Adrian Vovk, Alain Greppin, Allison Karlitskaya, Alyssa Ross,
Anders Jonsson, Andika Triwidada, Andres Beltran, Anouk Ceyssens,
Anselm Schueler, Anton Golubev, Antonio Alvarez Feijoo,
Arian van Putten, Arnaud Patard, Arthur Shau, Bastien Nocera,
Benjamin ROBIN, Brenton Simpson, Bryan Gurney, ButterflyOfFire,
Carlo Teubner, Celeste Liu, Chen Guanqiao, Chen Qi, Chengen Du,
Christoph Anton Mitterer, Colin Foster, Collin L,
Cristian Rodríguez, Daan De Meyer, Dan Nicholson, Daniel Dawson,
Daniel Martinez, Daniel P. Berrangé, Daniel Rusek,
Darsey Litzenberger, David Joaquín Shourabi Porcel,
David Michael, David Rheinsberg, David Tardon, Davide Cavalca,
Derek J. Clark, Diego Viola, Dimitrys Meliates, Diogo Ivo,
DocNITE, Dominique Martinet, Dr. David Alan Gilbert,
Edson Juliano Drosdeck, Erik Sjölund, Etienne Champetier,
Etienne Cordonnier, Ettore Atalan, Eugeny Shcheglov, Fabian Vogt,
Filip Lewiński, Florian Schmaus, Franck Bui, Frantisek Sumsal,
Fábio Rodrigues Ribeiro, Gabriel Elyas, Gaël PORTAY,
Giovanni Baratta, Gregor Herburger, Gregory Arenius, GwynBleidD,
Göran Uddeborg, Hans de Goede, Helmut Grohne, Henry Chen,
Ian Abbott, Integral, Ivan Kruglov, Ivan Shapovalov, James Coglan,
James Hilliard, James Muir, Jason Yundt, Jeffrey Bosboom,
Jian Zhang, Johannes Schneider, John A. Leuenhagen,
Jose Ignacio Tornos Martinez, JoseskVolpe, Joshua Grisham,
Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk, Karel Zak,
Kornilios Kourtis, Kuntal Majumder, Lennart Poettering,
Lidong Zhong, Luca Boccassi, Lucas Adriano Salles,
Lucas Werkmeister, Ludwig Nussel, Luke T. Shumaker,
Lukáš Nykrýn, Luna Jernberg, Léane GRASSER, Maanya Goenka,
Mantas Mikulėnas, Marc Reisner, Marcel Hellwig, Marin Kresic,
Marius Hoch, Martin Srebotnjak, Martin Wilck, Mary Strodl,
Matteo Croce, Matthias Lisin, Matthias Schiffer,
Matthieu Baerts (NGI0), Matthieu CHARETTE,
Mauri de Souza Meneguzzo, Maximilian Wilhelm, Merlin Jehli,
Michael Ferrari, Michal Koutný, Michal Sekletár,
@ -795,16 +809,17 @@ CHANGES WITH 257 in spe:
Stuart Hayhurst, Susant Sahani, Takeo Kondo, Temuri Doghonadze,
Thomas Blume, Thorsten Scherer, Tobias Fleig, Tom Coldrick,
Tom Yan, Tomas Bzatek, Topi Miettinen, Uday Shankar,
Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo, Vladimir Panteleev,
Will Fancher, WilliButz, Xeonacid, Yanqing Jing, Yu Watanabe,
Yuri Chornoivan, ZHANG Yuntian, Zbigniew Jędrzejewski-Szmek,
Zhou Qiankang, anonymix007, bryango, chayleaf, chenjiayi, csp5me,
cvlc12, fwfy, hugo303, jan@neighbourhood.ie, jauge-technica, lumingzh,
maia x., marginaldev, migleeson, nerdopolis, oldherl, pyfisch, q66,
rajmohan r, reDBo0n, rhellstrom, rindeal, samuelvw01, sinus-x, tfg13,
vdovhanych, xujing, Łukasz Stelmach, Дамјан Георгиевски
Valentin David, Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo,
Vladimir Panteleev, Vursc, Will Fancher, WilliButz, Xeonacid,
Yanqing Jing, Yu Watanabe, Yuri Chornoivan, ZHANG Yuntian,
Zbigniew Jędrzejewski-Szmek, Zhou Qiankang, andre4ik3, anonymix007,
bryango, chayleaf, chenjiayi, csp5me, cvlc12, fwfy, hugo303,
jan@neighbourhood.ie, jauge-technica, lumingzh, maia x., marginaldev,
migleeson, nerdopolis, oldherl, pyfisch, q66, rajmohan r, reDBo0n,
rhellstrom, rindeal, samuelvw01, sinus-x, tfg13, vdovhanych, xujing,
Łukasz Stelmach, Štěpán Němec, Дамјан Георгиевски
— Edinburgh, 2024-11-06
— Edinburgh, 2024-11-15
CHANGES WITH 256:

16
TODO
View File

@ -129,6 +129,20 @@ Deprecations and removals:
Features:
* Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling
users how to connect to the system via the AF_VSOCK, as per:
https://github.com/systemd/systemd/issues/35071#issuecomment-2462803142
* maybe introduce an OSC sequence that signals when we ask for a password, so
that terminal emulators can maybe connect a password manager or so, and
highlight things specially.
* Port pidref_namespace_open() to use PIDFD_GET_MNT_NAMESPACE and related
ioctls to get nsfds directly from pidfds.
* start using STATX_SUBVOL in btrfs_is_subvol(). Also, make use of it
generically, so that image discovery recognizes bcachefs subvols too.
* format-table: introduce new cell type for strings with ansi sequences in
them. display them in regular output mode (via strip_tab_ansi()), but
suppress them in json mode.
@ -2050,7 +2064,7 @@ Features:
with other units https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/hw-vuln/core-scheduling.rst
- ExtensionImages= deduplication for services is currently only applied to disk images without GPT envelope.
This should be extended to work with proper DDIs too, as well as directory confext/sysext. Moreover,
system-wide confex/sysext should support this too.
system-wide confext/sysext should support this too.
- Pin the mount namespace via FD by sending it back from sd-exec to the manager, and use it
for live mounting, instead of doing it via PID

View File

@ -36123,7 +36123,7 @@ OUI:00A044*
ID_OUI_FROM_DATABASE=NTT IT CO., LTD.
OUI:00A045*
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH
ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
OUI:00A046*
ID_OUI_FROM_DATABASE=SCITEX CORP. LTD.
@ -40088,6 +40088,9 @@ OUI:044707*
OUI:04472A*
ID_OUI_FROM_DATABASE=Palo Alto Networks
OUI:0447CA*
ID_OUI_FROM_DATABASE=GREE ELECTRIC APPLIANCES, INC. OF ZHUHAI
OUI:04489A*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -40556,6 +40559,9 @@ OUI:04AC44*
OUI:04AEC7*
ID_OUI_FROM_DATABASE=Marquardt
OUI:04B066*
ID_OUI_FROM_DATABASE=Private
OUI:04B0E7*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -43058,12 +43064,30 @@ OUI:0C47A90*
OUI:0C47A91*
ID_OUI_FROM_DATABASE=Shanghai BST Electric Co.,ltd
OUI:0C47A92*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A93*
ID_OUI_FROM_DATABASE=HONGKONG STONEOIM TECHNOLOGY LIMITED
OUI:0C47A94*
ID_OUI_FROM_DATABASE=Private
OUI:0C47A95*
ID_OUI_FROM_DATABASE=Everon Co., Ltd.
OUI:0C47A96*
ID_OUI_FROM_DATABASE=Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
OUI:0C47A97*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A98*
ID_OUI_FROM_DATABASE=Honest Networks LLC
OUI:0C47A99*
ID_OUI_FROM_DATABASE=Shanghai Sigen New Energy Technology Co., Ltd
OUI:0C47A9A*
ID_OUI_FROM_DATABASE=Lens Technology (Xiangtan) Co.,Ltd
@ -43076,6 +43100,9 @@ OUI:0C47A9C*
OUI:0C47A9D*
ID_OUI_FROM_DATABASE=DIG_LINK
OUI:0C47A9E*
ID_OUI_FROM_DATABASE=BGResearch
OUI:0C47C9*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
@ -43598,6 +43625,9 @@ OUI:0C9301*
OUI:0C938F*
ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
OUI:0C93A5*
ID_OUI_FROM_DATABASE=eero inc.
OUI:0C93FB*
ID_OUI_FROM_DATABASE=BNS Solutions
@ -44027,6 +44057,9 @@ OUI:0CEC84*
OUI:0CEC8D*
ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company
OUI:0CED71*
ID_OUI_FROM_DATABASE=Extreme Networks Headquarters
OUI:0CEDC8*
ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd
@ -46211,6 +46244,9 @@ OUI:147F67*
OUI:147FCE*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:1480CC*
ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd.
OUI:14825B*
ID_OUI_FROM_DATABASE=Hefei Radio Communication Technology Co., Ltd
@ -47297,6 +47333,9 @@ OUI:1869DA*
OUI:186A81*
ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS
OUI:186BE2*
ID_OUI_FROM_DATABASE=LYLINK LIMITED
OUI:186D99*
ID_OUI_FROM_DATABASE=Adanis Inc.
@ -48560,6 +48599,9 @@ OUI:1C4D70*
OUI:1C4D89*
ID_OUI_FROM_DATABASE=Hangzhou Huacheng Network Technology Co.,Ltd
OUI:1C4EA2*
ID_OUI_FROM_DATABASE=Shenzhen V-Link Technology CO., LTD.
OUI:1C501E*
ID_OUI_FROM_DATABASE=Sunplus Technology Co., Ltd.
@ -48809,6 +48851,9 @@ OUI:1C77F6*
OUI:1C7839*
ID_OUI_FROM_DATABASE=Shenzhen Tencent Computer System Co., Ltd.
OUI:1C784B*
ID_OUI_FROM_DATABASE=Bouffalo Lab (Nanjing) Co., Ltd.
OUI:1C784E*
ID_OUI_FROM_DATABASE=China Mobile Iot Limited company
@ -49145,6 +49190,9 @@ OUI:1C937C*
OUI:1C93C4*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
OUI:1C9468*
ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd
OUI:1C9492*
ID_OUI_FROM_DATABASE=RUAG Schweiz AG
@ -51335,6 +51383,9 @@ OUI:24470E*
OUI:244845*
ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd.
OUI:244885*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:24497B*
ID_OUI_FROM_DATABASE=Innovative Converged Devices Inc
@ -53387,6 +53438,9 @@ OUI:28DB81*
OUI:28DBA7*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:28DE1C*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:28DE59*
ID_OUI_FROM_DATABASE=Domus NTW CORP.
@ -54396,7 +54450,7 @@ OUI:2C691D3*
ID_OUI_FROM_DATABASE=Sunsa, Inc
OUI:2C691D4*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP.
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
OUI:2C691D5*
ID_OUI_FROM_DATABASE=LG Electronics Inc.
@ -55172,6 +55226,9 @@ OUI:2CFFEE*
OUI:3000FC*
ID_OUI_FROM_DATABASE=Nokia
OUI:3001AF*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:3003C8*
ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD.
@ -56345,6 +56402,9 @@ OUI:30E3D6*
OUI:30E48E*
ID_OUI_FROM_DATABASE=Vodafone UK
OUI:30E4D8*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:30E4DB*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
@ -56360,6 +56420,9 @@ OUI:30E98E*
OUI:30EA26*
ID_OUI_FROM_DATABASE=Sycada BV
OUI:30EB15*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:30EB1F*
ID_OUI_FROM_DATABASE=Skylab M&C Technology Co.,Ltd
@ -57137,6 +57200,9 @@ OUI:346F92*
OUI:346FED*
ID_OUI_FROM_DATABASE=Enovation Controls
OUI:347069*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:347146*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
@ -57887,6 +57953,9 @@ OUI:34F39A*
OUI:34F39B*
ID_OUI_FROM_DATABASE=WizLAN Ltd.
OUI:34F5D7*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:34F62D*
ID_OUI_FROM_DATABASE=SHARP Corporation
@ -58382,6 +58451,9 @@ OUI:384C4F*
OUI:384C90*
ID_OUI_FROM_DATABASE=Commscope
OUI:384DD2*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:384F49*
ID_OUI_FROM_DATABASE=Juniper Networks
@ -60650,6 +60722,9 @@ OUI:3CE624*
OUI:3CE824*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:3CE86E*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:3CE90E*
ID_OUI_FROM_DATABASE=Espressif Inc.
@ -62984,6 +63059,9 @@ OUI:44AAE8*
OUI:44AAF5*
ID_OUI_FROM_DATABASE=Commscope
OUI:44AC85*
ID_OUI_FROM_DATABASE=eero inc.
OUI:44AD19*
ID_OUI_FROM_DATABASE=XINGFEI H.KLIMITED
@ -63356,6 +63434,9 @@ OUI:44F477*
OUI:44F4E7*
ID_OUI_FROM_DATABASE=Cohesity Inc
OUI:44F53E*
ID_OUI_FROM_DATABASE=Earda Technologies co Ltd
OUI:44F770*
ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd
@ -67448,6 +67529,9 @@ OUI:50E039*
OUI:50E085*
ID_OUI_FROM_DATABASE=Intel Corporate
OUI:50E099*
ID_OUI_FROM_DATABASE=HangZhou Atuo Future Technology Co., Ltd
OUI:50E0C7*
ID_OUI_FROM_DATABASE=TurControlSystme AG
@ -68237,6 +68321,9 @@ OUI:547D40*
OUI:547DCD*
ID_OUI_FROM_DATABASE=Texas Instruments
OUI:547E1A*
ID_OUI_FROM_DATABASE=Kaon Group Co., Ltd.
OUI:547F54*
ID_OUI_FROM_DATABASE=INGENICO
@ -69941,6 +70028,9 @@ OUI:58DB8D*
OUI:58DC6D*
ID_OUI_FROM_DATABASE=Exceptional Innovation, Inc.
OUI:58DF59*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:58E02C*
ID_OUI_FROM_DATABASE=Micro Technic A/S
@ -70085,6 +70175,9 @@ OUI:58F987*
OUI:58F98E*
ID_OUI_FROM_DATABASE=SECUDOS GmbH
OUI:58FB3E*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:58FB84*
ID_OUI_FROM_DATABASE=Intel Corporate
@ -74438,6 +74531,9 @@ OUI:684F64*
OUI:68505D*
ID_OUI_FROM_DATABASE=Halo Technologies
OUI:68508C*
ID_OUI_FROM_DATABASE=Shanghai Sunmi Technology Co.,Ltd.
OUI:685134*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
@ -74849,6 +74945,9 @@ OUI:689A87*
OUI:689AB7*
ID_OUI_FROM_DATABASE=Atelier Vision Corporation
OUI:689B43*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:689C5E*
ID_OUI_FROM_DATABASE=AcSiP Technology Corp.
@ -94458,7 +94557,7 @@ OUI:7CBD06*
ID_OUI_FROM_DATABASE=AE REFUsol
OUI:7CBF77*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP.
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
OUI:7CBF88*
ID_OUI_FROM_DATABASE=Mobilicom LTD
@ -95102,6 +95201,9 @@ OUI:802E14*
OUI:802EC3*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:802EDE*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:802FDE*
ID_OUI_FROM_DATABASE=Zurich Instruments AG
@ -95177,6 +95279,9 @@ OUI:803C20*
OUI:803E48*
ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT
OUI:803E4F*
ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd.
OUI:803F5D*
ID_OUI_FROM_DATABASE=Winstars Technology Ltd
@ -95426,6 +95531,9 @@ OUI:8077A4*
OUI:807871*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:807933*
ID_OUI_FROM_DATABASE=Aigentec Technology(Zhejiang) Co., Ltd.
OUI:80795D*
ID_OUI_FROM_DATABASE=Infinix mobility limited
@ -97790,6 +97898,9 @@ OUI:884477*
OUI:8844F6*
ID_OUI_FROM_DATABASE=Nokia Corporation
OUI:8845F0*
ID_OUI_FROM_DATABASE=GUANGDONG GENIUS TECHNOLOGY CO., LTD.
OUI:884604*
ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd
@ -99572,6 +99683,9 @@ OUI:8C1F64154*
OUI:8C1F64155*
ID_OUI_FROM_DATABASE=SLAT
OUI:8C1F64159*
ID_OUI_FROM_DATABASE=Mediana Co., Ltd.
OUI:8C1F6415A*
ID_OUI_FROM_DATABASE=ASHIDA Electronics Pvt. Ltd
@ -99698,6 +99812,9 @@ OUI:8C1F641B9*
OUI:8C1F641BB*
ID_OUI_FROM_DATABASE=Renwei Electronics Technology (Shenzhen) Co.,LTD.
OUI:8C1F641BC*
ID_OUI_FROM_DATABASE=Transit Solutions, LLC.
OUI:8C1F641BD*
ID_OUI_FROM_DATABASE=DORLET SAU
@ -99797,6 +99914,9 @@ OUI:8C1F64203*
OUI:8C1F64204*
ID_OUI_FROM_DATABASE=castcore
OUI:8C1F64206*
ID_OUI_FROM_DATABASE=KRYFS TECHNOLOGIES PRIVATE LIMITED
OUI:8C1F64208*
ID_OUI_FROM_DATABASE=Sichuan AnSphere Technology Co. Ltd.
@ -100373,6 +100493,9 @@ OUI:8C1F64392*
OUI:8C1F64393*
ID_OUI_FROM_DATABASE=GRE SYSTEM INC.
OUI:8C1F64394*
ID_OUI_FROM_DATABASE=Ceranext Ltd
OUI:8C1F64395*
ID_OUI_FROM_DATABASE=Beijing Ceresdata Technology Co., LTD
@ -100565,6 +100688,9 @@ OUI:8C1F64417*
OUI:8C1F64419*
ID_OUI_FROM_DATABASE=Naval Group
OUI:8C1F6441B*
ID_OUI_FROM_DATABASE=ENERGY POWER PRODUCTS LIMITED
OUI:8C1F6441C*
ID_OUI_FROM_DATABASE=KSE GmbH
@ -102014,6 +102140,9 @@ OUI:8C1F64803*
OUI:8C1F64804*
ID_OUI_FROM_DATABASE=EA Elektro-Automatik
OUI:8C1F64806*
ID_OUI_FROM_DATABASE=Matrixspace
OUI:8C1F64807*
ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA
@ -102620,6 +102749,9 @@ OUI:8C1F649B3*
OUI:8C1F649B6*
ID_OUI_FROM_DATABASE=GS Elektromedizinsiche Geräte G. Stemple GmbH
OUI:8C1F649B8*
ID_OUI_FROM_DATABASE=Makel Elektrik Malzemeleri A.Ş.
OUI:8C1F649B9*
ID_OUI_FROM_DATABASE=QUERCUS TECHNOLOGIES, S.L.
@ -104366,6 +104498,9 @@ OUI:8C1F64E80*
OUI:8C1F64E86*
ID_OUI_FROM_DATABASE=ComVetia AG
OUI:8C1F64E88*
ID_OUI_FROM_DATABASE=SiFive Inc
OUI:8C1F64E89*
ID_OUI_FROM_DATABASE=PADL Software Pty Ltd
@ -104828,6 +104963,9 @@ OUI:8C1F64FDA*
OUI:8C1F64FDC*
ID_OUI_FROM_DATABASE=Nuphoton Technologies
OUI:8C1F64FDF*
ID_OUI_FROM_DATABASE=Potter Electric Signal Company
OUI:8C1F64FE0*
ID_OUI_FROM_DATABASE=Potter Electric Signal Company
@ -108248,6 +108386,9 @@ OUI:94A04E*
OUI:94A07D*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:94A081*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:94A1A2*
ID_OUI_FROM_DATABASE=AMPAK Technology, Inc.
@ -109112,6 +109253,9 @@ OUI:981E0F*
OUI:981E19*
ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS
OUI:981E89*
ID_OUI_FROM_DATABASE=Tianyi Telecom Terminals Company Limited
OUI:981FB1*
ID_OUI_FROM_DATABASE=Shenzhen Lemon Network Technology Co.,Ltd
@ -109841,6 +109985,9 @@ OUI:98A404*
OUI:98A40E*
ID_OUI_FROM_DATABASE=Snap, Inc.
OUI:98A44E*
ID_OUI_FROM_DATABASE=IEC Technologies S. de R.L de C.V.
OUI:98A5F9*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -111275,6 +111422,9 @@ OUI:9CB793*
OUI:9CB8B4*
ID_OUI_FROM_DATABASE=AMPAK Technology,Inc.
OUI:9CBAC9*
ID_OUI_FROM_DATABASE=Telit Communication s.p.a
OUI:9CBB98*
ID_OUI_FROM_DATABASE=Shen Zhen RND Electronic Co.,LTD
@ -111710,6 +111860,9 @@ OUI:A00BBA*
OUI:A00CA1*
ID_OUI_FROM_DATABASE=SKTB SKiT
OUI:A00CE2*
ID_OUI_FROM_DATABASE=Shenzhen Shokz Co., Ltd.
OUI:A00E98*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -113801,6 +113954,9 @@ OUI:A47C1F*
OUI:A47CC9*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:A47D78*
ID_OUI_FROM_DATABASE=Edgecore Americas Networking Corporation
OUI:A47D9F*
ID_OUI_FROM_DATABASE=Shenzhen iComm Semiconductor CO.,LTD
@ -115011,7 +115167,7 @@ OUI:A87285*
ID_OUI_FROM_DATABASE=IDT, INC.
OUI:A8741D*
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH
ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
OUI:A87484*
ID_OUI_FROM_DATABASE=zte corporation
@ -115118,6 +115274,9 @@ OUI:A88D7B*
OUI:A88E24*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:A88F99*
ID_OUI_FROM_DATABASE=Arista Networks
OUI:A88FD9*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -119228,6 +119387,9 @@ OUI:B4C810*
OUI:B4C9B9*
ID_OUI_FROM_DATABASE=Sichuan AI-Link Technology Co., Ltd.
OUI:B4CADD*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:B4CB57*
ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
@ -120413,6 +120575,9 @@ OUI:B8D4C3*
OUI:B8D4E7*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:B8D4F7*
ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd
OUI:B8D50B*
ID_OUI_FROM_DATABASE=Sunitec Enterprise Co.,Ltd
@ -122114,6 +122279,12 @@ OUI:C02C5C*
OUI:C02C7A*
ID_OUI_FROM_DATABASE=Shenzhen Horn Audio Co.,Ltd.
OUI:C02CED*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:C02D2E*
ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd.
OUI:C02DEE*
ID_OUI_FROM_DATABASE=Cuff
@ -123200,6 +123371,9 @@ OUI:C0F79D*
OUI:C0F827*
ID_OUI_FROM_DATABASE=Rapidmax Technology Corporation
OUI:C0F853*
ID_OUI_FROM_DATABASE=Tuya Smart Inc.
OUI:C0F87F*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
@ -126368,6 +126542,9 @@ OUI:CC10A3*
OUI:CC115A*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:CC1228*
ID_OUI_FROM_DATABASE=HISENSE VISUAL TECHNOLOGY CO.,LTD
OUI:CC14A6*
ID_OUI_FROM_DATABASE=Yichun MyEnergy Domain, Inc
@ -126458,6 +126635,9 @@ OUI:CC1FC4*
OUI:CC208C*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:CC20AC*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:CC20E8*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -127037,6 +127217,9 @@ OUI:CC896C*
OUI:CC89FD*
ID_OUI_FROM_DATABASE=Nokia Corporation
OUI:CC8A84*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:CC8C17*
ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED
@ -127362,7 +127545,7 @@ OUI:CCCCCC*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:CCCCEA*
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH
ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
OUI:CCCD64*
ID_OUI_FROM_DATABASE=SM-Electronic GmbH
@ -130773,7 +130956,7 @@ OUI:D822F4*
ID_OUI_FROM_DATABASE=Avnet Silica
OUI:D823E0*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP.
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
OUI:D82477*
ID_OUI_FROM_DATABASE=Universal Electric Corporation
@ -130958,6 +131141,9 @@ OUI:D8490B*
OUI:D8492F*
ID_OUI_FROM_DATABASE=CANON INC.
OUI:D849BF*
ID_OUI_FROM_DATABASE=CELESTICA INC.
OUI:D84A2B*
ID_OUI_FROM_DATABASE=zte corporation
@ -131543,6 +131729,9 @@ OUI:D8C771*
OUI:D8C7C8*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:D8C80C*
ID_OUI_FROM_DATABASE=Tuya Smart Inc.
OUI:D8C8E9*
ID_OUI_FROM_DATABASE=Phicomm (Shanghai) Co., Ltd.
@ -132101,6 +132290,9 @@ OUI:DC41A9*
OUI:DC41E5*
ID_OUI_FROM_DATABASE=Shenzhen Zhixin Data Service Co., Ltd.
OUI:DC42C8*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:DC44270*
ID_OUI_FROM_DATABASE=Suritel
@ -133175,6 +133367,9 @@ OUI:E021FE*
OUI:E02202*
ID_OUI_FROM_DATABASE=Commscope
OUI:E022A1*
ID_OUI_FROM_DATABASE=AltoBeam Inc.
OUI:E023D7*
ID_OUI_FROM_DATABASE=Sleep Number
@ -135413,6 +135608,9 @@ OUI:E4FC82*
OUI:E4FD45*
ID_OUI_FROM_DATABASE=Intel Corporate
OUI:E4FD8C*
ID_OUI_FROM_DATABASE=Extreme Networks Headquarters
OUI:E4FDA1*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -136478,6 +136676,9 @@ OUI:E8CD2D*
OUI:E8CE06*
ID_OUI_FROM_DATABASE=SkyHawke Technologies, LLC.
OUI:E8CF83*
ID_OUI_FROM_DATABASE=Dell Inc.
OUI:E8D03C*
ID_OUI_FROM_DATABASE=Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd
@ -137312,6 +137513,30 @@ OUI:EC748C*
OUI:EC74BA*
ID_OUI_FROM_DATABASE=Hirschmann Automation and Control GmbH
OUI:EC74CD3*
ID_OUI_FROM_DATABASE=iSolution Technologies Co.,Ltd.
OUI:EC74CD5*
ID_OUI_FROM_DATABASE=Standard Backhaul Communications
OUI:EC74CD6*
ID_OUI_FROM_DATABASE=Platypus
OUI:EC74CD8*
ID_OUI_FROM_DATABASE=TRANS AUDIO VIDEO SRL
OUI:EC74CD9*
ID_OUI_FROM_DATABASE=Sound Health Systems
OUI:EC74CDA*
ID_OUI_FROM_DATABASE=Bosch (zhuhai) Security Systems Company, Ltd.
OUI:EC74CDB*
ID_OUI_FROM_DATABASE=Hitachi Rail GTS Austria GmbH
OUI:EC74CDD*
ID_OUI_FROM_DATABASE=Shenzhen Ting-Shine Technology Co., Ltd.
OUI:EC74D7*
ID_OUI_FROM_DATABASE=Grandstream Networks Inc
@ -143102,6 +143327,9 @@ OUI:FCB467*
OUI:FCB4E6*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:FCB577*
ID_OUI_FROM_DATABASE=Cortex Security Inc
OUI:FCB585*
ID_OUI_FROM_DATABASE=Shenzhen Water World Information Co.,Ltd.
@ -143159,6 +143387,9 @@ OUI:FCC23D*
OUI:FCC2DE*
ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd.
OUI:FCC2E5*
ID_OUI_FROM_DATABASE=HOLOWITS TECHNOLOGIES CO.,LTD
OUI:FCC734*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd

View File

@ -2019,9 +2019,6 @@ acpi:DEL*:
acpi:DEM*:
ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd
acpi:DEM*:
ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd
acpi:DEN*:
ID_VENDOR_FROM_DATABASE=Densitron Computers Ltd

View File

@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base 2024-11-06 10:40:14.734611315 +0000
+++ 20-acpi-vendor.hwdb 2024-11-06 10:40:14.738611667 +0000
--- 20-acpi-vendor.hwdb.base 2024-11-15 17:16:38.971258201 +0000
+++ 20-acpi-vendor.hwdb 2024-11-15 17:16:38.979258339 +0000
@@ -3,6 +3,8 @@
# Data imported from:
# https://uefi.org/uefi-pnp-export
@ -137,7 +137,7 @@
acpi:COI*:
ID_VENDOR_FROM_DATABASE=Codec Inc.
@@ -2063,7 +2092,7 @@
@@ -2060,7 +2089,7 @@
ID_VENDOR_FROM_DATABASE=Dragon Information Technology
acpi:DJE*:
@ -146,7 +146,7 @@
acpi:DJP*:
ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd
@@ -2416,6 +2445,9 @@
@@ -2413,6 +2442,9 @@
acpi:EIN*:
ID_VENDOR_FROM_DATABASE=Elegant Invention
@ -156,7 +156,7 @@
acpi:EKA*:
ID_VENDOR_FROM_DATABASE=MagTek Inc.
@@ -2686,6 +2718,9 @@
@@ -2683,6 +2715,9 @@
acpi:FCG*:
ID_VENDOR_FROM_DATABASE=First International Computer Ltd
@ -166,7 +166,7 @@
acpi:FCS*:
ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc.
@@ -3062,7 +3097,7 @@
@@ -3059,7 +3094,7 @@
ID_VENDOR_FROM_DATABASE=General Standards Corporation
acpi:GSM*:
@ -175,7 +175,7 @@
acpi:GSN*:
ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc.
@@ -3172,6 +3207,9 @@
@@ -3169,6 +3204,9 @@
acpi:HEC*:
ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd.
@ -185,7 +185,7 @@
acpi:HEL*:
ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd
@@ -3307,6 +3345,9 @@
@@ -3304,6 +3342,9 @@
acpi:HSD*:
ID_VENDOR_FROM_DATABASE=HannStar Display Corp
@ -195,7 +195,7 @@
acpi:HSM*:
ID_VENDOR_FROM_DATABASE=AT&T Microelectronics
@@ -3433,6 +3474,9 @@
@@ -3430,6 +3471,9 @@
acpi:ICI*:
ID_VENDOR_FROM_DATABASE=Infotek Communication Inc
@ -205,7 +205,7 @@
acpi:ICM*:
ID_VENDOR_FROM_DATABASE=Intracom SA
@@ -3529,6 +3573,9 @@
@@ -3526,6 +3570,9 @@
acpi:IKE*:
ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd.
@ -215,7 +215,7 @@
acpi:IKS*:
ID_VENDOR_FROM_DATABASE=Ikos Systems Inc
@@ -3577,6 +3624,9 @@
@@ -3574,6 +3621,9 @@
acpi:IMX*:
ID_VENDOR_FROM_DATABASE=arpara Technology Co., Ltd.
@ -225,7 +225,7 @@
acpi:INA*:
ID_VENDOR_FROM_DATABASE=Inventec Corporation
@@ -4105,6 +4155,9 @@
@@ -4102,6 +4152,9 @@
acpi:LAN*:
ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc
@ -235,7 +235,7 @@
acpi:LAS*:
ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S
@@ -4156,6 +4209,9 @@
@@ -4153,6 +4206,9 @@
acpi:LED*:
ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc
@ -245,7 +245,7 @@
acpi:LEG*:
ID_VENDOR_FROM_DATABASE=Legerity, Inc
@@ -4174,6 +4230,9 @@
@@ -4171,6 +4227,9 @@
acpi:LGD*:
ID_VENDOR_FROM_DATABASE=LG Display
@ -255,7 +255,7 @@
acpi:LGI*:
ID_VENDOR_FROM_DATABASE=Logitech Inc
@@ -4240,6 +4299,9 @@
@@ -4237,6 +4296,9 @@
acpi:LND*:
ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd
@ -265,7 +265,7 @@
acpi:LNK*:
ID_VENDOR_FROM_DATABASE=Link Tech Inc
@@ -4274,7 +4336,7 @@
@@ -4271,7 +4333,7 @@
ID_VENDOR_FROM_DATABASE=Design Technology
acpi:LPL*:
@ -274,7 +274,7 @@
acpi:LSC*:
ID_VENDOR_FROM_DATABASE=LifeSize Communications
@@ -4450,6 +4512,9 @@
@@ -4447,6 +4509,9 @@
acpi:MCX*:
ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc.
@ -284,7 +284,7 @@
acpi:MDA*:
ID_VENDOR_FROM_DATABASE=Media4 Inc
@@ -4696,6 +4761,9 @@
@@ -4693,6 +4758,9 @@
acpi:MOM*:
ID_VENDOR_FROM_DATABASE=Momentum Data Systems
@ -294,7 +294,7 @@
acpi:MOS*:
ID_VENDOR_FROM_DATABASE=Moses Corporation
@@ -4936,6 +5004,9 @@
@@ -4933,6 +5001,9 @@
acpi:NAL*:
ID_VENDOR_FROM_DATABASE=Network Alchemy
@ -304,7 +304,7 @@
acpi:NAT*:
ID_VENDOR_FROM_DATABASE=NaturalPoint Inc.
@@ -5476,6 +5547,9 @@
@@ -5473,6 +5544,9 @@
acpi:PCX*:
ID_VENDOR_FROM_DATABASE=PC Xperten
@ -314,7 +314,7 @@
acpi:PDM*:
ID_VENDOR_FROM_DATABASE=Psion Dacom Plc.
@@ -5539,9 +5613,6 @@
@@ -5536,9 +5610,6 @@
acpi:PHE*:
ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH
@ -324,7 +324,7 @@
acpi:PHL*:
ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company
@@ -5632,9 +5703,6 @@
@@ -5629,9 +5700,6 @@
acpi:PNL*:
ID_VENDOR_FROM_DATABASE=Panelview, Inc.
@ -334,7 +334,7 @@
acpi:PNR*:
ID_VENDOR_FROM_DATABASE=Planar Systems, Inc.
@@ -6112,9 +6180,6 @@
@@ -6109,9 +6177,6 @@
acpi:RTI*:
ID_VENDOR_FROM_DATABASE=Rancho Tech Inc
@ -344,7 +344,7 @@
acpi:RTL*:
ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd
@@ -6289,9 +6354,6 @@
@@ -6286,9 +6351,6 @@
acpi:SEE*:
ID_VENDOR_FROM_DATABASE=SeeColor Corporation
@ -354,7 +354,7 @@
acpi:SEI*:
ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc
@@ -6775,6 +6837,9 @@
@@ -6772,6 +6834,9 @@
acpi:SVD*:
ID_VENDOR_FROM_DATABASE=SVD Computer
@ -364,7 +364,7 @@
acpi:SVI*:
ID_VENDOR_FROM_DATABASE=Sun Microsystems
@@ -6859,6 +6924,9 @@
@@ -6856,6 +6921,9 @@
acpi:SZM*:
ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd
@ -374,7 +374,7 @@
acpi:TAA*:
ID_VENDOR_FROM_DATABASE=Tandberg
@@ -6949,6 +7017,9 @@
@@ -6946,6 +7014,9 @@
acpi:TDG*:
ID_VENDOR_FROM_DATABASE=Six15 Technologies
@ -384,7 +384,7 @@
acpi:TDM*:
ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc
@@ -6991,6 +7062,9 @@
@@ -6988,6 +7059,9 @@
acpi:TEV*:
ID_VENDOR_FROM_DATABASE=Televés, S.A.
@ -394,7 +394,7 @@
acpi:TEZ*:
ID_VENDOR_FROM_DATABASE=Tech Source Inc.
@@ -7120,9 +7194,6 @@
@@ -7117,9 +7191,6 @@
acpi:TNC*:
ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd
@ -404,7 +404,7 @@
acpi:TNM*:
ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA
@@ -7432,14 +7503,14 @@
@@ -7429,14 +7500,14 @@
acpi:UNC*:
ID_VENDOR_FROM_DATABASE=Unisys Corporation
@ -425,7 +425,7 @@
acpi:UNI*:
ID_VENDOR_FROM_DATABASE=Uniform Industry Corp.
@@ -7474,6 +7545,9 @@
@@ -7471,6 +7542,9 @@
acpi:USA*:
ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG
@ -435,7 +435,7 @@
acpi:USD*:
ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation
@@ -7735,9 +7809,6 @@
@@ -7732,9 +7806,6 @@
acpi:WAL*:
ID_VENDOR_FROM_DATABASE=Wave Access
@ -445,7 +445,7 @@
acpi:WAV*:
ID_VENDOR_FROM_DATABASE=Wavephore
@@ -7865,7 +7936,7 @@
@@ -7862,7 +7933,7 @@
ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC
acpi:WYS*:
@ -454,7 +454,7 @@
acpi:WYT*:
ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd.
@@ -7879,9 +7950,6 @@
@@ -7876,9 +7947,6 @@
acpi:XDM*:
ID_VENDOR_FROM_DATABASE=XDM Ltd.
@ -464,7 +464,7 @@
acpi:XES*:
ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc.
@@ -7915,9 +7983,6 @@
@@ -7912,9 +7980,6 @@
acpi:XNT*:
ID_VENDOR_FROM_DATABASE=XN Technologies, Inc.
@ -474,7 +474,7 @@
acpi:XQU*:
ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD
@@ -7984,6 +8049,9 @@
@@ -7981,6 +8046,9 @@
acpi:ZBX*:
ID_VENDOR_FROM_DATABASE=Zebax Technologies

View File

@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
###########################################################
# Maxdata
###########################################################

View File

@ -376,11 +376,12 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B)
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B/i18D)
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni18D:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube iWork 10 Flagship
@ -952,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Pine64
#########################################
# PineTab2
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
#########################################
# Pipo
#########################################

File diff suppressed because it is too large Load Diff

View File

@ -770,12 +770,6 @@ C00000-CFFFFF (base 16) HANGZHOU ZHONGKEJIGUANG TECHNOLOGY CO., LTD
HANGZHOU Zhejiang 310018
CN
2C-69-1D (hex) SPEEDTECH CORP.
400000-4FFFFF (base 16) SPEEDTECH CORP.
No. 568, Sec. 1, Minsheng N. Rd., Guishan Dist., Taoyuan City 338, Taiwan
Taoyuan 338
TW
2C-69-1D (hex) IBM
800000-8FFFFF (base 16) IBM
9000 South Rita Rd
@ -6788,6 +6782,30 @@ AC-EF-92 (hex) CEER NATIONAL AUTOMOTIVE COMPANY
Shanghai 201316
CN
0C-47-A9 (hex) Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
600000-6FFFFF (base 16) Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
103, Bldg1, Meicheng Ind Park, No.4, Xinhe St, Maantang Community, Bantian St, Longgang Dist
Shenzhen Guangdong 518000
CN
EC-74-CD (hex) Bosch (zhuhai) Security Systems Company, Ltd.
A00000-AFFFFF (base 16) Bosch (zhuhai) Security Systems Company, Ltd.
20 Ji Chang Bei Road, Qingwan Industrial Estate, | Sanzao Town, Jinwan District
Zhuhai Guangdong 519040
CN
0C-47-A9 (hex) Shanghai Sigen New Energy Technology Co., Ltd
900000-9FFFFF (base 16) Shanghai Sigen New Energy Technology Co., Ltd
Room 514 The 5th Floor, No.175 Weizhan Road China (Shanghai) Plilot Free Trade Zone
Shanghai 201306
CN
2C-69-1D (hex) SPEEDTECH CORP. JIO
400000-4FFFFF (base 16) SPEEDTECH CORP. JIO
No. 568, Sec. 1, Minsheng N. Rd., Guishan Dist., Taoyuan City 338, Taiwan
Taoyuan 338
TW
B8-4C-87 (hex) Shenzhen Link-all Technology Co., Ltd
300000-3FFFFF (base 16) Shenzhen Link-all Technology Co., Ltd
Floor 5th, Block 9th, Sunny Industrial Zone, Xili Town, Nanshan District, Shenzhen, China
@ -13073,6 +13091,18 @@ A00000-AFFFFF (base 16) Lens Technology (Xiangtan) Co.,Ltd
Xiangtan Hunan 411100
CN
EC-74-CD (hex) Shenzhen Ting-Shine Technology Co., Ltd.
D00000-DFFFFF (base 16) Shenzhen Ting-Shine Technology Co., Ltd.
No. 148, Huarong Road, Longhua District, Shenzhen
Shenzhen Guangdong 518083
CN
EC-74-CD (hex) iSolution Technologies Co.,Ltd.
300000-3FFFFF (base 16) iSolution Technologies Co.,Ltd.
5F,Bldg #6, Zhongguan Honghualing Industrial South Park
Shenzhen Guangdong 518055
CN
B8-4C-87 (hex) Altronix , Corp
A00000-AFFFFF (base 16) Altronix , Corp
140 58th St. Bldg A, Ste 2N
@ -19862,6 +19892,48 @@ AC-EF-92 (hex) JiZhiKang (Beijing) Technology Co., Ltd
Beijing 100176
CN
0C-47-A9 (hex) HONGKONG STONEOIM TECHNOLOGY LIMITED
300000-3FFFFF (base 16) HONGKONG STONEOIM TECHNOLOGY LIMITED
UNIT 1507C,15/F,EASTCORE 398 KWUN TONG ROAD KWUN TONG KL
hongkong hongkong 999077
HK
0C-47-A9 (hex) Annapurna labs
200000-2FFFFF (base 16) Annapurna labs
Matam Scientific Industries Center, Building 8.2
Mail box 15123 Haifa 3508409
IL
0C-47-A9 (hex) BGResearch
E00000-EFFFFF (base 16) BGResearch
5, The Business Centre, Harvard Way, Kimbolton,
Huntingdon. Cambridgeshire PE28 0NJ
GB
EC-74-CD (hex) Platypus
600000-6FFFFF (base 16) Platypus
6, Wonteo-ro 110beon-gil, Jungwon-gu
Gyeonggi-do Seongnam-si 13360
KR
EC-74-CD (hex) Sound Health Systems
900000-9FFFFF (base 16) Sound Health Systems
650B Fremont Ave #65
Los Altos CA 94024
US
EC-74-CD (hex) Hitachi Rail GTS Austria GmbH
B00000-BFFFFF (base 16) Hitachi Rail GTS Austria GmbH
Handelskai 92
Vienna 1200
AT
EC-74-CD (hex) Standard Backhaul Communications
500000-5FFFFF (base 16) Standard Backhaul Communications
333 South Highland Ave
Briarcliff Manor 10510
US
D0-14-11 (hex) P.B. Elettronica srl
100000-1FFFFF (base 16) P.B. Elettronica srl
Via Santorelli, 8
@ -26459,6 +26531,12 @@ C00000-CFFFFF (base 16) Senix
0C-47-A9 (hex) Private
400000-4FFFFF (base 16) Private
0C-47-A9 (hex) Honest Networks LLC
800000-8FFFFF (base 16) Honest Networks LLC
15 Maiden LnSte 1101
New York NY 10038
US
C8-5C-E2 (hex) Fela Management AG
000000-0FFFFF (base 16) Fela Management AG
Basadingerstrasse 18
@ -33206,8 +33284,20 @@ C00000-CFFFFF (base 16) Annapurna labs
Mail box 15123 Haifa 3508409
IL
0C-47-A9 (hex) Everon Co., Ltd.
500000-5FFFFF (base 16) Everon Co., Ltd.
3F.Pine Avenue B, 100, Eulji-ro, Jung-gu
Seoul 04551
KR
0C-47-A9 (hex) Shenzhen Hebang Electronic Co., Ltd
B00000-BFFFFF (base 16) Shenzhen Hebang Electronic Co., Ltd
2nd Floor West, Bldg B, Kelunte Low Carbon Industry Park, Huarong Road, Dalang, Longhua District
Shenzhen 518000
CN
EC-74-CD (hex) TRANS AUDIO VIDEO SRL
800000-8FFFFF (base 16) TRANS AUDIO VIDEO SRL
Viale Melvin Jones 12
Caserta CE 81100
IT

View File

@ -7457,6 +7457,24 @@ D04000-D04FFF (base 16) Plenty Unlimited Inc
HongKong 999077
HK
8C-1F-64 (hex) KRYFS TECHNOLOGIES PRIVATE LIMITED
206000-206FFF (base 16) KRYFS TECHNOLOGIES PRIVATE LIMITED
SURVEY NO 231 KHERDI MAIN ROAD NEAR HPCL KHERDI SILVASSA
SILVASSA DADRA AND NAGAR HAVELI 396230
IN
8C-1F-64 (hex) Matrixspace
806000-806FFF (base 16) Matrixspace
1721 Moon Lake BlvdSTE 200
Hoffman Estates IL 60169
US
8C-1F-64 (hex) ENERGY POWER PRODUCTS LIMITED
41B000-41BFFF (base 16) ENERGY POWER PRODUCTS LIMITED
7/F, Room 701, Lucky Centre, 165-171, Wanchai Road
Wanchai 000000
HK
8C-1F-64 (hex) Jacobs Technology, Inc.
A98000-A98FFF (base 16) Jacobs Technology, Inc.
7765 Old Telegraph Road
@ -22361,6 +22379,12 @@ A8C000-A8CFFF (base 16) Elektronik Art
Lublin Lublin 20234
PL
8C-1F-64 (hex) Anduril Imaging
763000-763FFF (base 16) Anduril Imaging
83 Hartwell Ave
Lexington MA 02421
US
8C-1F-64 (hex) Wuhan YiValley Opto-electric technology Co.,Ltd
175000-175FFF (base 16) Wuhan YiValley Opto-electric technology Co.,Ltd
A104,1st stage Juxian Building, Hongshan internatinoal enterprise center
@ -22379,12 +22403,6 @@ C60000-C60FFF (base 16) Intelligent Security Systems (ISS)
Woodbridge NJ 07095
US
8C-1F-64 (hex) Anduril Imaging
763000-763FFF (base 16) Anduril Imaging
83 Hartwell Ave
Lexington MA 02421
US
8C-1F-64 (hex) Flow Power
82B000-82BFFF (base 16) Flow Power
Suite 2, Level 3, 18 - 20 York St
@ -29885,12 +29903,42 @@ BA7000-BA7FFF (base 16) iLensys Technologies PVT LTD
Thiruvananthapuram KERALA 695014
IN
8C-1F-64 (hex) Potter Electric Signal Company
FDF000-FDFFFF (base 16) Potter Electric Signal Company
5757 Phantom Drive
Hazelwood MO 63042
US
8C-1F-64 (hex) Hurry-tech
F19000-F19FFF (base 16) Hurry-tech
Greenland Central Plaza ,Building 1 of Yard 9,Room 601
Beijing Beijing 100089
CN
8C-1F-64 (hex) Transit Solutions, LLC.
1BC000-1BCFFF (base 16) Transit Solutions, LLC.
114 West Grandview Avenue
Zelienople PA 16063
US
8C-1F-64 (hex) Ceranext Ltd
394000-394FFF (base 16) Ceranext Ltd
25-27 Demostheni Severi ,Metropolis Tower,Building B',1080 Cyprus
Nicosia 1080
CY
8C-1F-64 (hex) SiFive Inc
E88000-E88FFF (base 16) SiFive Inc
2625 Augustine DriveSuite 101
Santa Clara CA 95054
US
8C-1F-64 (hex) Makel Elektrik Malzemeleri A.Ş.
9B8000-9B8FFF (base 16) Makel Elektrik Malzemeleri A.Ş.
Osmangazi Mah.Mareşal Fevzi Çakmak Cad. No:38 KIRAÇ / Esenyurt
ESENYURT İstanbul 34522
TR
8C-1F-64 (hex) Mobileye
D63000-D63FFF (base 16) Mobileye
13 Hartom st.
@ -37294,3 +37342,9 @@ BD9000-BD9FFF (base 16) WATTS
C. Valportillo Segunda, 8 bis
Alcobendas Madrid 28108
ES
8C-1F-64 (hex) Mediana Co., Ltd.
159000-159FFF (base 16) Mediana Co., Ltd.
132, Donghwagongdan-ro, Munmak-eup
Wonju-si Gangwon-do 26365
KR

View File

@ -2540,7 +2540,6 @@ AVARRO,RRO,08/07/2023
"LUMINO Licht Elektronik GmbH",LLT,11/07/2023
"Reonel Oy",RNL,01/04/2024
DemoPad Software Ltd,DEM,01/04/2024
DemoPad Software Ltd,DEM,01/04/2024
"TeamViewer Germany GmbH",TMV,01/04/2024
"Pixio USA",PXO,02/14/2024
"ELARABY COMPANY FOR ENGINEERING INDUSTRIES",EEI,02/14/2024

1 Company PNP ID Approved On Date
2540 LUMINO Licht Elektronik GmbH LLT 11/07/2023
2541 Reonel Oy RNL 01/04/2024
2542 DemoPad Software Ltd DEM 01/04/2024
DemoPad Software Ltd DEM 01/04/2024
2543 TeamViewer Germany GmbH TMV 01/04/2024
2544 Pixio USA PXO 02/14/2024
2545 ELARABY COMPANY FOR ENGINEERING INDUSTRIES EEI 02/14/2024

View File

@ -421,7 +421,7 @@
<term><varname>rd.systemd.verity=</varname></term>
<term><varname>systemd.verity_root_data=</varname></term>
<term><varname>systemd.verity_root_hash=</varname></term>
<term><varname>systemd.verity.root_options=</varname></term>
<term><varname>systemd.verity_root_options=</varname></term>
<term><varname>usrhash=</varname></term>
<term><varname>systemd.verity_usr_data=</varname></term>
<term><varname>systemd.verity_usr_hash=</varname></term>

View File

@ -265,32 +265,11 @@
</refsect1>
<refsect1>
<title>Options</title>
<title>Unlocking</title>
<para>The following options are understood:</para>
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -328,7 +307,45 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -361,7 +378,15 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -461,7 +486,15 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -636,7 +669,15 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -85,7 +85,6 @@
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager"/>
<xi:include href="standard-options.xml" xpointer="help"/>
<xi:include href="standard-options.xml" xpointer="version"/>
</variablelist>

View File

@ -1286,21 +1286,21 @@ DuplicateAddressDetection=none</programlisting></para>
<varlistentry>
<term><varname>KeepConfiguration=</varname></term>
<listitem>
<para>Takes a boolean or one of <literal>static</literal>, <literal>dhcp-on-stop</literal>,
<literal>dhcp</literal>. When <literal>static</literal>, <command>systemd-networkd</command>
will not drop static addresses and routes on starting up process. When set to
<literal>dhcp-on-stop</literal>, <command>systemd-networkd</command> will not drop addresses
and routes on stopping the daemon. When <literal>dhcp</literal>,
the addresses and routes provided by a DHCP server will never be dropped even if the DHCP
lease expires. This is contrary to the DHCP specification, but may be the best choice if,
e.g., the root filesystem relies on this connection. The setting <literal>dhcp</literal>
implies <literal>dhcp-on-stop</literal>, and <literal>yes</literal> implies
<literal>dhcp</literal> and <literal>static</literal>. Defaults to
<literal>dhcp-on-stop</literal> when <command>systemd-networkd</command> is running in
initrd, <literal>yes</literal> when the root filesystem is a network filesystem, and
<literal>no</literal> otherwise.</para>
<para>Takes a boolean or one of <literal>static</literal>, <literal>dynamic-on-stop</literal>, and
<literal>dynamic</literal>. When <literal>static</literal>, <command>systemd-networkd</command>
will not drop statically configured addresses and routes on starting up process. When
<literal>dynamic-on-stop</literal>, the dynamically configurad addresses and routes, such as
DHCPv4, DHCPv6, SLAAC, and IPv4 link-local address, will not be dropped when
<command>systemd-networkd</command> is being stopped. When <literal>dynamic</literal>, the
dynamically configured addresses and routes will never be dropped, and the lifetime of DHCPv4
leases will be ignored. This is contrary to the DHCP specification, but may be the best choice if,
e.g., the root filesystem relies on this connection. The setting <literal>dynamic</literal> implies
<literal>dynamic-on-stop</literal>, and <literal>yes</literal> implies <literal>dynamic</literal>
and <literal>static</literal>. Defaults to <literal>dynamic-on-stop</literal> when
<command>systemd-networkd</command> is running in initrd, <literal>yes</literal> when the root
filesystem is a network filesystem, and <literal>no</literal> otherwise.</para>
<xi:include href="version-info.xml" xpointer="v243"/>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
</variablelist>

View File

@ -81,4 +81,7 @@
<para id="v255">Added in version 255.</para>
<para id="v256">Added in version 256.</para>
<para id="v257">Added in version 257.</para>
<para id="v258">Added in version 258.</para>
<para id="v259">Added in version 259.</para>
<para id="v260">Added in version 260.</para>
</refsect1>

View File

@ -2674,6 +2674,14 @@ endif
#####################################################################
ukify_depends = []
foreach executable : ['systemd-measure', 'systemd-sbsign', 'systemd-keyutil']
if executable in executables_by_name
ukify_depends += [executables_by_name[executable]]
endif
endforeach
ukify = custom_target(
'ukify',
input : 'src/ukify/ukify.py',
@ -2681,6 +2689,7 @@ ukify = custom_target(
command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
install : want_ukify,
install_mode : 'rwxr-xr-x',
depends : ukify_depends,
install_dir : bindir)
if want_ukify
public_programs += ukify
@ -2700,7 +2709,7 @@ endif
mkosi_depends = public_programs
foreach executable : ['systemd-journal-remote', 'systemd-measure', 'systemd-sbsign', 'systemd-keyutil']
foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']
if executable in executables_by_name
mkosi_depends += [executables_by_name[executable]]
endif

View File

@ -1 +1 @@
257~rc1
257~rc2

View File

@ -7,4 +7,3 @@ ToolsTreePackages=
meson
mypy
pkgconf
ruff

View File

@ -10,5 +10,6 @@ ToolsTreePackages=
libmicrohttpd
python-jinja
python-pytest
ruff
tpm2-tss
util-linux-libs

View File

@ -13,6 +13,6 @@ ToolsTreePackages=
pkgconfig(fdisk)
pkgconfig(libmicrohttpd)
pkgconfig(mount)
tss2-devel
tpm2-tss-devel
python3-jinja2
python3-pytest

View File

@ -0,0 +1,8 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
ToolsTreeDistribution=fedora
[Build]
ToolsTreePackages=
ruff

View File

@ -12,6 +12,7 @@ ToolsTreePackages=
pkgconfig(fdisk)
pkgconfig(libmicrohttpd)
pkgconfig(mount)
python3-ruff
tss2-devel
python3-jinja2
python3-pytest

View File

@ -0,0 +1,7 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi

View File

@ -2,10 +2,6 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi
if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1

View File

@ -7,7 +7,7 @@ Distribution=arch
Environment=
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
GIT_BRANCH=main
GIT_COMMIT=62c224b60ca150627be58ca2da50f47cc0a5793c
GIT_COMMIT=29a73017cd380cd8db070dbd560e229d523b3c79
PKG_SUBDIR=arch
[Content]

View File

@ -8,7 +8,7 @@ Distribution=|fedora
Environment=
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
GIT_BRANCH=rawhide
GIT_COMMIT=e42eed4afd6267cd954d393d8eec79e0e7573de0
GIT_COMMIT=7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99
PKG_SUBDIR=fedora
[Content]

View File

@ -9,7 +9,7 @@ Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=debian/master
GIT_COMMIT=2f288667e0f5eeba19b14d24b621baef2aa413e1
GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
PKG_SUBDIR=debian
[Content]

View File

@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-09 20:13+0000\n"
"PO-Revision-Date: 2024-11-17 15:48+0000\n"
"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
"memory@weblate.org>\n"
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
@ -187,9 +187,11 @@ msgstr ""
"benötigte Speichermedium oder Dateisystem ein."
#: src/home/pam_systemd_home.c:298
#, fuzzy, c-format
#, c-format
msgid "Too frequent login attempts for user %s, try again later."
msgstr "Zu häufige Loginversuche für %s. Bitte später erneut probieren."
msgstr ""
"Zu viele Anmeldeversuche für Benutzer %s, versuchen Sie es später noch "
"einmal."
#: src/home/pam_systemd_home.c:310
msgid "Password: "
@ -1189,18 +1191,16 @@ msgid "Subscribe query results"
msgstr "Abfrageergebnisse abonnieren"
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "Legitimierung ist zum Versetzen des Systems in Bereitschaft notwendig."
msgstr "Legitimierung ist zum Abonnieren von Abfrageergebnissen erforderlich."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr "Legitimierung ist zum Festlegen von Domains notwendig."
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
@ -1248,20 +1248,21 @@ msgid "Install specific system version"
msgstr "Spezifische Systemversion installieren"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr "Legitimierung ist zum Festlegen der Systemzeitzone notwendig."
msgstr ""
"Legitimierung ist zum Aktualisieren des Systems auf eine bestimmte ("
"möglicherweise alte) Version erforderlich."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr "Alte Systemaktualisierungen bereinigen"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr "Legitimierung ist zum Festlegen der Systemzeit notwendig."
msgstr ""
"Legitimierung ist zum Bereinigen alter Systemaktualisierungen erforderlich."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
@ -1269,11 +1270,8 @@ msgstr "Optionale Funktionen verwalten"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Legitimierung ist zur Verwaltung aktiver Sitzungen, Benutzern und "
"Arbeitsstationen notwendig."
msgstr "Legitimierung ist zur Verwaltung optionaler Funktionen erforderlich"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -3,12 +3,13 @@
# Finnish translation of systemd.
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
"main/fi/>\n"
"Language: fi\n"
@ -16,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 5.7.2\n"
"X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -112,14 +113,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Päivitä kotialue"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1174,14 +1173,11 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
msgstr "Hallitse valinnaisia ominaisuuksia"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
"hallintaan."
msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -12,7 +12,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
"main/fr/>\n"
@ -360,8 +360,8 @@ msgid ""
"Authentication is required to set the statically configured local hostname, "
"as well as the pretty hostname."
msgstr ""
"Une authentification est requise pour définir le nom d'hôte local de manière "
"statique, ainsi que le nom d'hôte familier."
"Une authentification est requise pour définir le nom d'hôte local configuré "
"de manière statique, ainsi que le nom d'hôte convivial."
#: src/hostname/org.freedesktop.hostname1.policy:41
msgid "Set machine information"

114
po/he.po
View File

@ -1,22 +1,22 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023.
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2023-11-22 00:01+0000\n"
"PO-Revision-Date: 2024-11-19 07:38+0000\n"
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
"master/he/>\n"
"main/he/>\n"
"Language: he\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
"n % 10 == 0) ? 2 : 3));\n"
"X-Generator: Weblate 5.2\n"
"X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -106,14 +106,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "עדכון אזור בית"
msgstr "עדכון אזור הבית שלך"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
msgstr "נדרש אימות כדי לעדכן את אזור הבית שלך."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -133,14 +131,12 @@ msgid ""
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "יצירת אזור בית"
msgstr "הפעלת אזור בית"
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "נדרש אימות כדי ליצור אזור בית למשתמש."
msgstr "נדרש אימות כדי להפעיל אזור בית של משתמש."
#: src/home/pam_systemd_home.c:293
#, c-format
@ -351,46 +347,37 @@ msgid "Authentication is required to get system description."
msgstr "נדרש אימות כדי למשוך את תיאור המערכת."
#: src/import/org.freedesktop.import1.policy:22
#, fuzzy
msgid "Import a disk image"
msgstr "לייבא מכונה וירטואלית או דמות של מכולה (container image)"
msgstr "ייבוא דמות כונן"
#: src/import/org.freedesktop.import1.policy:23
#, fuzzy
msgid "Authentication is required to import an image."
msgstr ""
"נדרש אימות כדי לייבא מכונה וירטואלית או דמות של מכולה (container image)"
msgstr "נדרש אימות כדי לייבא דמות."
#: src/import/org.freedesktop.import1.policy:32
#, fuzzy
msgid "Export a disk image"
msgstr "ייצוא מכונה וירטואלית או דמות של מכולה (container image)"
msgstr "ייצוא דמות כונן"
#: src/import/org.freedesktop.import1.policy:33
#, fuzzy
msgid "Authentication is required to export disk image."
msgstr ""
"נדרש אימות כדי לייצא מכונה וירטואלית או דמות של מכולה (container image)"
msgstr "נדרש אימות כדי לייצא דמות כונן."
#: src/import/org.freedesktop.import1.policy:42
#, fuzzy
msgid "Download a disk image"
msgstr "הורדת מכונה וירטואלית או דמות מכולה"
msgstr "הורדת דמות כונן"
#: src/import/org.freedesktop.import1.policy:43
#, fuzzy
msgid "Authentication is required to download a disk image."
msgstr "נדרש אימות כדי להוריד מכונה וירטואלית או דמות מכולה"
msgstr "נדרש אימות כדי להוריד דמות כונן."
#: src/import/org.freedesktop.import1.policy:52
msgid "Cancel transfer of a disk image"
msgstr ""
msgstr "ביטול העברה של דמות כונן"
#: src/import/org.freedesktop.import1.policy:53
#, fuzzy
msgid ""
"Authentication is required to cancel the ongoing transfer of a disk image."
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
msgstr "נדרש אימות כדי לבטל העברה של דמות כונן שמתבצעת בזמן אמת."
#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
@ -732,9 +719,8 @@ msgid "Set a wall message"
msgstr "הגדרת הודעת קיר"
#: src/login/org.freedesktop.login1.policy:397
#, fuzzy
msgid "Authentication is required to set a wall message."
msgstr "נדרש אימות כדי להגדיר הודעת קיר"
msgstr "נדרש אימות כדי להגדיר הודעת קיר."
#: src/login/org.freedesktop.login1.policy:406
msgid "Change Session"
@ -804,16 +790,14 @@ msgstr ""
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:95
#, fuzzy
msgid "Create a local virtual machine or container"
msgstr "ניהול מכונות וירטואליות ומכולות מקומיות"
msgstr "יצירת מכונה וירטואלית או מכולה מקומיות"
#: src/machine/org.freedesktop.machine1.policy:96
#, fuzzy
msgid ""
"Authentication is required to create a local virtual machine or container."
msgstr ""
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
"נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:106
msgid "Manage local virtual machine and container images"
@ -965,13 +949,13 @@ msgstr "נדרש אימות כדי להגדיר כרטיס רשת מחדש."
#: src/network/org.freedesktop.network1.policy:187
msgid "Specify whether persistent storage for systemd-networkd is available"
msgstr ""
msgstr "נא לציין האם יש אחסון קבוע זמין ל־systemd-networkd"
#: src/network/org.freedesktop.network1.policy:188
msgid ""
"Authentication is required to specify whether persistent storage for systemd-"
"networkd is available."
msgstr ""
msgstr "נדרש אימות כדי לציין האם אחסון קבוע זמין ל־systemd-networkd."
#: src/portable/org.freedesktop.portable1.policy:13
msgid "Inspect a portable service image"
@ -1004,18 +988,16 @@ msgid "Register a DNS-SD service"
msgstr "רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:23
#, fuzzy
msgid "Authentication is required to register a DNS-SD service."
msgstr "נדרש אימות כדי לרשום שירות DNS-SD"
msgstr "נדרש אימות כדי לרשום שירות DNS-SD."
#: src/resolve/org.freedesktop.resolve1.policy:33
msgid "Unregister a DNS-SD service"
msgstr "ביטול רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:34
#, fuzzy
msgid "Authentication is required to unregister a DNS-SD service."
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD"
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD."
#: src/resolve/org.freedesktop.resolve1.policy:132
msgid "Revert name resolution settings"
@ -1027,95 +1009,85 @@ msgstr "נדרש אימות כדי לאפס את הגדרות פתרון השמ
#: src/resolve/org.freedesktop.resolve1.policy:143
msgid "Subscribe query results"
msgstr ""
msgstr "רישום לתוצאות שאילתה"
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "נדרש אימות כדי להשהות את המערכת."
msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr ""
msgstr "היטל המטמון"
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr "נדרש אימות כדי להגדיר שמות תחום."
msgstr "נדרש אימות כדי להטיל את המטמון."
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
msgstr ""
msgstr "היטל מצב השרת"
#: src/resolve/org.freedesktop.resolve1.policy:166
#, fuzzy
msgid "Authentication is required to dump server state."
msgstr "נדרש אימות כדי להגדיר שרתי NTP."
msgstr "נדרש אימות כדי להטיל את מצב השרת."
#: src/resolve/org.freedesktop.resolve1.policy:176
msgid "Dump statistics"
msgstr ""
msgstr "היטל סטטיסטיקה"
#: src/resolve/org.freedesktop.resolve1.policy:177
#, fuzzy
msgid "Authentication is required to dump statistics."
msgstr "נדרש אימות כדי להגדיר שמות תחום."
msgstr "נדרש אימות כדי להטיל סטטיסטיקה."
#: src/resolve/org.freedesktop.resolve1.policy:187
msgid "Reset statistics"
msgstr ""
msgstr "איפוס סטטיסטיקה"
#: src/resolve/org.freedesktop.resolve1.policy:188
#, fuzzy
msgid "Authentication is required to reset statistics."
msgstr "נדרש אימות כדי לאפס הגדרות NTP."
msgstr "נדרש אימות כדי לאפס סטטיסטיקה."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35
msgid "Check for system updates"
msgstr ""
msgstr "חיפוש עדכוני מערכת"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36
#, fuzzy
msgid "Authentication is required to check for system updates."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
msgstr "נדרש אימות כדי לחפש עדכוני מערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45
msgid "Install system updates"
msgstr ""
msgstr "התקנת עדכוני מערכת"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46
#, fuzzy
msgid "Authentication is required to install system updates."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
msgstr "נדרש אימות כדי להתקין עדכוני מערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55
msgid "Install specific system version"
msgstr ""
msgstr "התקנת גרסת מערכת מסוימת"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr "נדרש אימות כדי להגדיר את אזור הזמן של המערכת."
msgstr "נדרש אימות כדי לעדכן את המערכת לגרסה מסוימת (כנראה ישנה)."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr ""
msgstr "ניקוי עדכוני מערכת ישנים"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
msgstr "נדרש אימות כדי לנקות עדכוני מערכת ישנים."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
msgstr "ניהול יכולות רשות"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "נדרש אימות כדי לנהל הפעלות, משתמשים ומושבים פעילים."
msgstr "נדרש אימות כדי לנהל יכולות רשות"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"POT-Creation-Date: 2024-11-18 12:55+0900\n"
"PO-Revision-Date: 2021-09-09 03:04+0000\n"
"Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n"
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
@ -106,14 +106,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "ユーザのホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "ホーム領域の更新"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "ユーザのホーム領域の更新には認証が必要です。"
msgstr "ホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1120,12 +1118,11 @@ msgstr "過去のシステム更新を削除するには認証が必要です。
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
msgstr "任意の機能の管理"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "アクティブなセッションやユーザ,シートを管理するには認証が必要です。"
msgstr "任意の機能を管理するには認証が必要です。"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -14,7 +14,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
"PO-Revision-Date: 2024-11-17 13:38+0000\n"
"Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
"main/ru/>\n"
@ -1280,7 +1280,7 @@ msgstr "Управление дополнительными функциями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features"
msgstr ""
"Для управления дополнительными функциями необходимо пройти аутентификацию."
"Для управления дополнительными функциями необходимо пройти аутентификацию"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -7,7 +7,7 @@ msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-08-26 19:38+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
"systemd/main/sl/>\n"
@ -17,7 +17,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
"n%100==4 ? 2 : 3;\n"
"X-Generator: Weblate 5.7\n"
"X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -125,16 +125,13 @@ msgstr ""
"območja."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Posodobite domače območje"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr ""
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
"območja."
"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1234,14 +1231,12 @@ msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
msgstr "Upravljaj dodatne funkcionalnosti"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
"in delovišč."
"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -4,11 +4,12 @@
# Eugene Melnik <jeka7js@gmail.com>, 2014.
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-08-24 10:36+0000\n"
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n"
@ -18,7 +19,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
"X-Generator: Weblate 5.7\n"
"X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -118,14 +119,12 @@ msgid "Authentication is required to update a user's home area."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Оновлення домашньої теки"
msgstr "Оновлення домашньої області"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1212,14 +1211,11 @@ msgstr "Для вилучення застарілих оновлень сист
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
msgstr "Керування додатковими функціями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
"пройти розпізнавання."
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -38,19 +38,12 @@ __get_tpm2_devices() {
done
}
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() {
local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=(
[STANDALONE]='-h --help --version
--password --recovery-key'
--password --recovery-key --list-devices'
[ARG]='--unlock-key-file
--unlock-fido2-device
--unlock-tpm2-device
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
return 0
fi
comps=$(__get_block_devices)
comps=$(systemd-cryptenroll --list-devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
}

View File

@ -15,27 +15,59 @@
#include "parse-util.h"
#include "process-util.h"
#include "socket-util.h"
#include "stat-util.h"
#include "user-util.h"
#include "virt.h"
int audit_session_from_pid(pid_t pid, uint32_t *id) {
_cleanup_free_ char *s = NULL;
const char *p;
uint32_t u;
static int audit_read_field(const PidRef *pid, const char *field, char **ret) {
int r;
assert(id);
assert(field);
assert(ret);
/* We don't convert ENOENT to ESRCH here, since we can't
* really distinguish between "audit is not available in the
* kernel" and "the process does not exist", both which will
* result in ENOENT. */
if (!pidref_is_set(pid))
return -ESRCH;
p = procfs_file_alloca(pid, "sessionid");
/* Auditing is currently not virtualized for containers. Let's hence not use the audit session ID or
* login UID for now, it will be leaked in from the host */
if (detect_container() > 0)
return -ENODATA;
r = read_one_line_file(p, &s);
const char *p = procfs_file_alloca(pid->pid, field);
_cleanup_free_ char *s = NULL;
bool enoent = false;
r = read_virtual_file(p, SIZE_MAX, &s, /* ret_size= */ NULL);
if (r == -ENOENT) {
if (proc_mounted() == 0)
return -ENOSYS;
enoent = true;
} else if (r < 0)
return r;
r = pidref_verify(pid);
if (r < 0)
return r;
if (enoent) /* We got ENOENT, but /proc/ was mounted and the PID still valid? In that case it appears
* auditing is not supported by the kernel. */
return -ENODATA;
delete_trailing_chars(s, NEWLINE);
*ret = TAKE_PTR(s);
return 0;
}
int audit_session_from_pid(const PidRef *pid, uint32_t *ret_id) {
_cleanup_free_ char *s = NULL;
int r;
r = audit_read_field(pid, "sessionid", &s);
if (r < 0)
return r;
uint32_t u;
r = safe_atou32(s, &u);
if (r < 0)
return r;
@ -43,32 +75,24 @@ int audit_session_from_pid(pid_t pid, uint32_t *id) {
if (!audit_session_is_valid(u))
return -ENODATA;
*id = u;
if (ret_id)
*ret_id = u;
return 0;
}
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
int audit_loginuid_from_pid(const PidRef *pid, uid_t *ret_uid) {
_cleanup_free_ char *s = NULL;
const char *p;
uid_t u;
int r;
assert(uid);
p = procfs_file_alloca(pid, "loginuid");
r = read_one_line_file(p, &s);
r = audit_read_field(pid, "loginuid", &s);
if (r < 0)
return r;
r = parse_uid(s, &u);
if (r == -ENXIO) /* the UID was -1 */
if (streq(s, "4294967295")) /* loginuid as 4294967295 means not part of any session. */
return -ENODATA;
if (r < 0)
return r;
*uid = u;
return 0;
return parse_uid(s, ret_uid);
}
static int try_audit_request(int fd) {
@ -113,22 +137,24 @@ bool use_audit(void) {
static int cached_use = -1;
int r;
if (cached_use < 0) {
int fd;
if (cached_use >= 0)
return cached_use;
fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
_cleanup_close_ int fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
if (fd < 0) {
cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
if (!cached_use)
log_debug_errno(errno, "Won't talk to audit: %m");
cached_use = !ERRNO_IS_PRIVILEGE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno);
if (cached_use)
log_debug_errno(errno, "Unexpected error while creating audit socket, proceeding with its use: %m");
else
log_debug_errno(errno, "Won't talk to audit, because feature or privilege absent: %m");
} else {
/* If we try and use the audit fd but get -ECONNREFUSED, it is because
* we are not in the initial user namespace, and the kernel does not
* have support for audit outside of the initial user namespace
* (see https://elixir.bootlin.com/linux/latest/C/ident/audit_netlink_ok).
/* If we try and use the audit fd but get -ECONNREFUSED, it is because we are not in the
* initial user namespace, and the kernel does not have support for audit outside of the
* initial user namespace (see
* https://elixir.bootlin.com/linux/latest/C/ident/audit_netlink_ok).
*
* If we receive any other error, do not disable audit because we are not
* sure that the error indicates that audit will not work in general. */
* If we receive any other error, do not disable audit because we are not sure that the error
* indicates that audit will not work in general. */
r = try_audit_request(fd);
if (r < 0) {
cached_use = r != -ECONNREFUSED;
@ -137,9 +163,6 @@ bool use_audit(void) {
"Won't talk to audit: %m");
} else
cached_use = true;
safe_close(fd);
}
}
return cached_use;

View File

@ -5,10 +5,12 @@
#include <stdint.h>
#include <sys/types.h>
#include "pidref.h"
#define AUDIT_SESSION_INVALID UINT32_MAX
int audit_session_from_pid(pid_t pid, uint32_t *id);
int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
int audit_session_from_pid(const PidRef *pid, uint32_t *id);
int audit_loginuid_from_pid(const PidRef *pid, uid_t *uid);
bool use_audit(void);

View File

@ -799,16 +799,20 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
continue;
}
char *path = strdup(e + 1);
_cleanup_free_ char *path = strdup(e + 1);
if (!path)
return -ENOMEM;
/* Refuse cgroup paths from outside our cgroup namespace */
if (startswith(path, "/../"))
return -EUNATCH;
/* Truncate suffix indicating the process is a zombie */
e = endswith(path, " (deleted)");
if (e)
*e = 0;
*ret_path = path;
*ret_path = TAKE_PTR(path);
return 0;
}
}

View File

@ -81,6 +81,7 @@ const char* special_glyph_full(SpecialGlyph code, bool force_utf) {
[SPECIAL_GLYPH_BLUE_CIRCLE] = "o",
[SPECIAL_GLYPH_GREEN_CIRCLE] = "o",
[SPECIAL_GLYPH_SUPERHERO] = "S",
[SPECIAL_GLYPH_IDCARD] = "@",
},
/* UTF-8 */
@ -151,6 +152,7 @@ const char* special_glyph_full(SpecialGlyph code, bool force_utf) {
[SPECIAL_GLYPH_BLUE_CIRCLE] = u8"🔵",
[SPECIAL_GLYPH_GREEN_CIRCLE] = u8"🟢",
[SPECIAL_GLYPH_SUPERHERO] = u8"🦸",
[SPECIAL_GLYPH_IDCARD] = u8"🪪",
},
};

View File

@ -56,6 +56,7 @@ typedef enum SpecialGlyph {
SPECIAL_GLYPH_BLUE_CIRCLE,
SPECIAL_GLYPH_GREEN_CIRCLE,
SPECIAL_GLYPH_SUPERHERO,
SPECIAL_GLYPH_IDCARD,
_SPECIAL_GLYPH_MAX,
_SPECIAL_GLYPH_INVALID = -EINVAL,
} SpecialGlyph;

View File

@ -136,12 +136,14 @@ int namespace_open(
int *ret_userns_fd,
int *ret_root_fd) {
assert(pid >= 0);
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
int r;
if (pid == 0)
pid = getpid_cached();
r = pidref_set_pid(&pidref, pid);
if (r < 0)
return r;
return pidref_namespace_open(&PIDREF_MAKE_FROM_PID(pid), ret_pidns_fd, ret_mntns_fd, ret_netns_fd, ret_userns_fd, ret_root_fd);
return pidref_namespace_open(&pidref, ret_pidns_fd, ret_mntns_fd, ret_netns_fd, ret_userns_fd, ret_root_fd);
}
int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd) {

View File

@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
_cleanup_free_ char *escaped = NULL, *comm = NULL;
int r;
assert(ret);
assert(pid >= 0);
assert(ret);
if (pid == 0 || pid == getpid_cached()) {
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@ -143,6 +143,9 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_comm(pid->pid, &comm);
if (r < 0)
return r;
@ -289,6 +292,9 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
if (r < 0)
return r;
@ -331,6 +337,9 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline_strv(pid->pid, flags, &args);
if (r < 0)
return r;
@ -477,6 +486,9 @@ int pidref_is_kernel_thread(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_kernel_thread(pid->pid);
if (result < 0)
return result;
@ -594,6 +606,9 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_uid(pid->pid, &uid);
if (r < 0)
return r;
@ -794,6 +809,9 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_start_time(pid->pid, ret ? &t : NULL);
if (r < 0)
return r;
@ -1093,6 +1111,9 @@ int pidref_is_my_child(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_my_child(pid->pid);
if (result < 0)
return result;
@ -1128,6 +1149,9 @@ int pidref_is_unwaited(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
if (pid->pid == 1 || pidref_is_self(pid))
return true;
@ -1169,6 +1193,9 @@ int pidref_is_alive(const PidRef *pidref) {
if (!pidref_is_set(pidref))
return -ESRCH;
if (pidref_is_remote(pidref))
return -EREMOTE;
result = pid_is_alive(pidref->pid);
if (result < 0) {
assert(result != -ESRCH);
@ -1460,8 +1487,8 @@ int safe_fork_full(
bool block_signals = false, block_all = false, intermediary = false;
int prio, r;
assert(!FLAGS_SET(flags, FORK_DETACH) || !ret_pid);
assert(!FLAGS_SET(flags, FORK_DETACH|FORK_WAIT));
assert(!FLAGS_SET(flags, FORK_DETACH) ||
(!ret_pid && (flags & (FORK_WAIT|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT|FORK_DEATHSIG_SIGKILL)) == 0));
/* A wrapper around fork(), that does a couple of important initializations in addition to mere forking. Always
* returns the child's PID in *ret_pid. Returns == 0 in the child, and > 0 in the parent. */
@ -1815,6 +1842,9 @@ int namespace_fork(
int set_oom_score_adjust(int value) {
char t[DECIMAL_STR_MAX(int)];
if (!oom_score_adjust_is_valid(value))
return -EINVAL;
xsprintf(t, "%i", value);
return write_string_file("/proc/self/oom_score_adj", t,
@ -1831,11 +1861,16 @@ int get_oom_score_adjust(int *ret) {
delete_trailing_chars(t, WHITESPACE);
assert_se(safe_atoi(t, &a) >= 0);
assert_se(oom_score_adjust_is_valid(a));
r = safe_atoi(t, &a);
if (r < 0)
return r;
if (!oom_score_adjust_is_valid(a))
return -ENODATA;
if (ret)
*ret = a;
return 0;
}

View File

@ -220,9 +220,9 @@ static int synthesize_user_creds(
if (ret_gid)
*ret_gid = GID_NOBODY;
if (ret_home)
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
*ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
if (ret_shell)
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
*ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
return 0;
}
@ -244,6 +244,7 @@ int get_user_creds(
assert(username);
assert(*username);
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
(!ret_home && !ret_shell)) {
@ -315,17 +316,14 @@ int get_user_creds(
if (ret_home)
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
(empty_or_root(p->pw_dir) ||
!path_is_valid(p->pw_dir) ||
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
*ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
? NULL : p->pw_dir;
if (ret_shell)
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
(isempty(p->pw_shell) ||
!path_is_valid(p->pw_shell) ||
!path_is_absolute(p->pw_shell) ||
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
*ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
? NULL : p->pw_shell;
if (patch_username)
*username = p->pw_name;

View File

@ -12,6 +12,8 @@
#include <sys/types.h>
#include <unistd.h>
#include "string-util.h"
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
#define HOME_UID_MIN ((uid_t) 60001)
#define HOME_UID_MAX ((uid_t) 60513)
@ -36,10 +38,20 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
char* getlogname_malloc(void);
char* getusername_malloc(void);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
bool is_nologin_shell(const char *shell);
static inline bool shell_is_placeholder(const char *shell) {
return isempty(shell) || is_nologin_shell(shell);
}
typedef enum UserCredsFlags {
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
} UserCredsFlags;
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
@ -125,10 +137,6 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
int putsgent_sane(const struct sgrp *sg, FILE *stream);
#endif
bool is_nologin_shell(const char *shell);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
int is_this_me(const char *username);
const char* get_home_root(void);

View File

@ -1,17 +1,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_BINFMT') != 1
subdir_done()
endif
executables += [
libexec_template + {
'name' : 'systemd-binfmt',
'public' : true,
'conditions' : ['ENABLE_BINFMT'],
'sources' : files('binfmt.c'),
},
]
if conf.get('ENABLE_BINFMT') == 1
install_emptydir(binfmtdir)
if install_sysconfdir
install_emptydir(sysconfdir / 'binfmt.d')
endif
endif

View File

@ -2469,11 +2469,7 @@ static EFI_STATUS initrd_prepare(
return EFI_OUT_OF_RESOURCES;
}
_cleanup_pages_ Pages pages = xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(size),
UINT32_MAX /* Below 4G boundary. */);
_cleanup_pages_ Pages pages = xmalloc_initrd_pages(size);
uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr);
STRV_FOREACH(i, entry->initrd) {

View File

@ -21,6 +21,11 @@
#include "smbios.h"
#include "util.h"
/* Validate the descriptor macros a bit that they match our expectations */
assert_cc(DEVICE_DESCRIPTOR_DEVICETREE == UINT32_C(0x1000001C));
assert_cc(DEVICE_SIZE_FROM_DESCRIPTOR(DEVICE_DESCRIPTOR_DEVICETREE) == sizeof(Device));
assert_cc(DEVICE_TYPE_FROM_DESCRIPTOR(DEVICE_DESCRIPTOR_DEVICETREE) == DEVICE_TYPE_DEVICETREE);
/**
* smbios_to_hashable_string() - Convert ascii smbios string to stripped char16_t.
*/
@ -105,9 +110,10 @@ EFI_STATUS chid_match(const void *hwid_buffer, size_t hwid_length, const Device
/* Count devices and check validity */
for (; (n_devices + 1) * sizeof(*devices) < hwid_length;) {
if (devices[n_devices].struct_size == 0)
if (devices[n_devices].descriptor == DEVICE_DESCRIPTOR_EOL)
break;
if (devices[n_devices].struct_size != sizeof(*devices))
if (devices[n_devices].descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return EFI_UNSUPPORTED;
n_devices++;
}

View File

@ -2,22 +2,63 @@
#pragma once
#include "efi.h"
#include "chid-fundamental.h"
/* A .hwids PE section consists of a series of 'Device' structures. A 'Device' structure binds a CHID to some
* resource, for now only Devicetree blobs. Designed to be extensible to other types of resources, should the
* need arise. The series of 'Device' structures is followed by some space for strings that can be referenced
* by offset by the Device structures. */
enum {
DEVICE_TYPE_DEVICETREE = 0x1, /* A devicetree blob */
/* Maybe later additional types for:
* - CoCo Bring-Your-Own-Firmware
* - ACPI DSDT Overrides
* - */
};
#define DEVICE_SIZE_FROM_DESCRIPTOR(u) ((uint32_t) (u) & UINT32_C(0x0FFFFFFF))
#define DEVICE_TYPE_FROM_DESCRIPTOR(u) ((uint32_t) (u) >> 28)
#define DEVICE_MAKE_DESCRIPTOR(type, size) (((uint32_t) (size) | ((uint32_t) type << 28)))
#define DEVICE_DESCRIPTOR_DEVICETREE DEVICE_MAKE_DESCRIPTOR(DEVICE_TYPE_DEVICETREE, sizeof(Device))
#define DEVICE_DESCRIPTOR_EOL UINT32_C(0)
typedef struct Device {
uint32_t struct_size; /* = sizeof(struct Device), or 0 for EOL */
uint32_t descriptor; /* The highest four bit encode the type of entry, the other 28 bit encode the
* size of the structure. Use the macros above to generate or take apart this
* field. */
EFI_GUID chid;
union {
struct {
/* These offsets are relative to the beginning of the .hwids PE section. */
uint32_t name_offset; /* nul-terminated string or 0 if not present */
uint32_t compatible_offset; /* nul-terminated string or 0 if not present */
EFI_GUID chid;
} devicetree;
/* fields for other descriptor types… */
};
} _packed_ Device;
/* Validate some offset, since the structure is API and src/ukify/ukify.py encodes them directly */
assert_cc(offsetof(Device, descriptor) == 0);
assert_cc(offsetof(Device, chid) == 4);
assert_cc(offsetof(Device, devicetree.name_offset) == 20);
assert_cc(offsetof(Device, devicetree.compatible_offset) == 24);
assert_cc(sizeof(Device) == 28);
static inline const char* device_get_name(const void *base, const Device *device) {
return device->name_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->name_offset);
if (device->descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return NULL;
return device->devicetree.name_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->devicetree.name_offset);
}
static inline const char* device_get_compatible(const void *base, const Device *device) {
return device->compatible_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->compatible_offset);
if (device->descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return NULL;
return device->devicetree.compatible_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->devicetree.compatible_offset);
}
EFI_STATUS chid_match(const void *chids_buffer, size_t chids_length, const Device **ret_device);

View File

@ -27,6 +27,7 @@ _gnu_printf_(3, 4) EFI_STATUS log_internal(EFI_STATUS status, uint8_t text_color
log_internal(status, text_color, "%s:%i@%s: " format, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
#define log_debug(...) log_full(EFI_SUCCESS, EFI_LIGHTGRAY, __VA_ARGS__)
#define log_info(...) log_full(EFI_SUCCESS, EFI_WHITE, __VA_ARGS__)
#define log_warning_status(status, ...) log_full(status, EFI_YELLOW, __VA_ARGS__)
#define log_error_status(status, ...) log_full(status, EFI_LIGHTRED, __VA_ARGS__)
#define log_error(...) log_full(EFI_INVALID_PARAMETER, EFI_LIGHTRED, __VA_ARGS__)
#define log_oom() log_full(EFI_OUT_OF_RESOURCES, EFI_LIGHTRED, "Out of memory.")

View File

@ -320,7 +320,7 @@ static void pe_locate_sections(
/* device */ NULL,
&hwids_section);
if (hwids_section.memory_offset != 0) {
if (PE_SECTION_VECTOR_IS_SET(&hwids_section)) {
hwids = (const uint8_t *) SIZE_TO_PTR(validate_base) + hwids_section.memory_offset;
EFI_STATUS err = chid_match(hwids, hwids_section.memory_size, &device);
@ -328,8 +328,7 @@ static void pe_locate_sections(
log_error_status(err, "HWID matching failed, no DT blob will be selected: %m");
hwids = NULL;
}
} else
log_info("HWIDs section is missing, no DT blob will be selected");
}
}
return pe_locate_sections_internal(
@ -359,7 +358,7 @@ static uint32_t get_compatibility_entry_address(const DosFileHeader *dos, const
PTR_TO_SIZE(dos),
&vector);
if (vector.memory_size == 0) /* not found */
if (!PE_SECTION_VECTOR_IS_SET(&vector)) /* not found */
return 0;
typedef struct {

View File

@ -43,8 +43,11 @@ static EFI_STATUS acquire_rng(void *ret, size_t size) {
return EFI_UNSUPPORTED;
err = rng->GetRNG(rng, NULL, size, ret);
/* On some systems the RNG might not be ready during early boot, handle gracefully and don't log. */
if (err == EFI_NOT_READY)
return err;
if (err != EFI_SUCCESS)
return log_error_status(err, "Failed to acquire RNG data: %m");
return log_warning_status(err, "Failed to acquire RNG data, proceeding without: %m");
return EFI_SUCCESS;
}

View File

@ -114,12 +114,9 @@ static EFI_STATUS combine_initrds(
n += initrd_size;
}
_cleanup_pages_ Pages pages = xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(n),
UINT32_MAX /* Below 4G boundary. */);
_cleanup_pages_ Pages pages = xmalloc_initrd_pages(n);
uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr);
FOREACH_ARRAY(i, initrds, n_initrds) {
size_t pad;

View File

@ -99,6 +99,29 @@ static inline Pages xmalloc_pages(
};
}
static inline Pages xmalloc_initrd_pages(size_t n_pages) {
/* The original native x86 boot protocol of the Linux kernel was not 64bit safe, hence we allocate
* memory for the initrds below the 4G boundary on x86, since we don't know early enough which
* protocol we'll use to ultimately boot the kernel. This restriction is somewhat obsolete, since
* these days we generally prefer the kernel's newer EFI entrypoint instead, which has no such
* limitations. On other architectures we do not bother with any restriction on this, in particular
* as some of them don't even have RAM mapped to such low addresses. */
#if defined(__i386__) || defined(__x86_64__)
return xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(n_pages),
UINT32_MAX /* Below 4G boundary. */);
#else
return xmalloc_pages(
AllocateAnyPages,
EfiLoaderData,
EFI_SIZE_TO_PAGES(n_pages),
0 /* Ignored. */);
#endif
}
void convert_efi_path(char16_t *path);
char16_t *xstr8_to_path(const char *stra);
char16_t *mangle_stub_cmdline(char16_t *cmdline);

View File

@ -299,7 +299,6 @@ static const char *const esp_subdirs[] = {
"EFI/BOOT",
"loader",
"loader/keys",
"loader/keys/auto",
NULL
};
@ -615,6 +614,10 @@ static int install_secure_boot_auto_enroll(const char *esp, X509 *certificate, E
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert X.509 certificate to DER: %s",
ERR_error_string(ERR_get_error(), NULL));
r = mkdir_one(esp, "loader/keys/auto");
if (r < 0)
return r;
_cleanup_close_ int keys_fd = chase_and_open("loader/keys/auto", esp, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, O_DIRECTORY, NULL);
if (keys_fd < 0)
return log_error_errno(keys_fd, "Failed to chase loader/keys/auto in the ESP: %m");
@ -1287,6 +1290,10 @@ int verb_remove(int argc, char *argv[], void *userdata) {
r = q;
}
q = rmdir_one(arg_esp_path, "/loader/keys/auto");
if (q < 0 && r >= 0)
r = q;
q = remove_subdirs(arg_esp_path, esp_subdirs);
if (q < 0 && r >= 0)
r = q;

View File

@ -1088,7 +1088,7 @@ static int method_start_transient_unit(sd_bus_message *message, void *userdata,
m,
name,
"start",
N_("Authentication is required to start transient '$(unit)'."),
N_("Authentication is required to start transient unit '$(unit)'."),
message,
error);
if (r < 0)

View File

@ -855,9 +855,6 @@ static int get_fixed_user(
assert(user_or_uid);
assert(ret_username);
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
if (r < 0)
return r;
@ -1883,7 +1880,10 @@ static int build_environment(
}
}
if (home && set_user_login_env) {
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
if (home && set_user_login_env && !empty_or_root(home)) {
x = strjoin("HOME=", home);
if (!x)
return -ENOMEM;
@ -1892,7 +1892,7 @@ static int build_environment(
our_env[n_env++] = x;
}
if (shell && set_user_login_env) {
if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
x = strjoin("SHELL=", shell);
if (!x)
return -ENOMEM;
@ -3471,20 +3471,16 @@ static int apply_working_directory(
const ExecContext *context,
const ExecParameters *params,
ExecRuntime *runtime,
const char *home,
int *exit_status) {
const char *home) {
const char *wd;
int r;
assert(context);
assert(exit_status);
if (context->working_directory_home) {
if (!home) {
*exit_status = EXIT_CHDIR;
if (!home)
return -ENXIO;
}
wd = home;
} else
@ -3503,13 +3499,7 @@ static int apply_working_directory(
if (r >= 0)
r = RET_NERRNO(fchdir(dfd));
}
if (r < 0 && !context->working_directory_missing_ok) {
*exit_status = EXIT_CHDIR;
return r;
}
return 0;
return context->working_directory_missing_ok ? 0 : r;
}
static int apply_root_directory(
@ -3785,7 +3775,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
if (!c->working_directory_home)
return 0;
if (c->dynamic_user)
if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
return -EADDRNOTAVAIL;
r = get_home_dir(ret_buf);
@ -4543,7 +4533,7 @@ int exec_invoke(
r = acquire_home(context, &home, &home_buffer);
if (r < 0) {
*exit_status = EXIT_CHDIR;
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
}
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
@ -5383,9 +5373,11 @@ int exec_invoke(
* running this service might have the correct privilege to change to the working directory. Also, it
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
* the cwd cannot be used to pin directories outside of the sandbox. */
r = apply_working_directory(context, params, runtime, home, exit_status);
if (r < 0)
r = apply_working_directory(context, params, runtime, home);
if (r < 0) {
*exit_status = EXIT_CHDIR;
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
}
if (needs_sandboxing) {
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to

View File

@ -1689,6 +1689,11 @@ static int become_shutdown(int objective, int retval) {
/* Tell the binary how often to ping, ignore failure */
(void) strv_extendf(&env_block, "WATCHDOG_USEC="USEC_FMT, watchdog_timer);
/* Make sure that tools that look for $WATCHDOG_USEC (and might get started by the exitrd) don't get
* confused by the variable, because the sd_watchdog_enabled() protocol uses the same variable for
* the same purposes. */
(void) strv_extendf(&env_block, "WATCHDOG_PID=" PID_FMT, getpid_cached());
if (arg_watchdog_device)
(void) strv_extendf(&env_block, "WATCHDOG_DEVICE=%s", arg_watchdog_device);

View File

@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0;
}
r = service_add_fd_store(s, fd, fdn, do_poll);
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
if (r < 0) {
log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0;
}
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ int enroll_fido2(
fflush(stdout);
fprintf(stderr,
"\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
"\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
"using the associated FIDO2 keyslot which we just created. To configure automatic\n"
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
"file, see %s for details.\n", link);

View File

@ -427,6 +427,9 @@ int wipe_slots(struct crypt_device *cd,
for (size_t i = n_ordered_slots; i > 0; i--) {
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
if (r < 0) {
if (r == -ENOENT)
log_warning_errno(r, "Failed to wipe non-existent slot %i, continuing.", ordered_slots[i - 1]);
else
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
if (ret == 0)
ret = r;

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS11 Enrollment:%4$s\n"
"\n%3$sPKCS#11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -1,5 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_LIBCRYPTSETUP') != 1
subdir_done()
endif
systemd_cryptenroll_sources = files(
'cryptenroll-list.c',
'cryptenroll-password.c',
@ -24,7 +28,6 @@ executables += [
executable_template + {
'name' : 'systemd-cryptenroll',
'public' : true,
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : systemd_cryptenroll_sources,
'dependencies' : [
libcryptsetup,

View File

@ -1,5 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_LIBCRYPTSETUP') != 1
subdir_done()
endif
subdir('cryptsetup-tokens')
systemd_cryptsetup_sources = files(
@ -15,7 +19,6 @@ executables += [
executable_template + {
'name' : 'systemd-cryptsetup',
'public' : true,
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : systemd_cryptsetup_sources,
'dependencies' : [
libcryptsetup,
@ -25,14 +28,11 @@ executables += [
},
generator_template + {
'name' : 'systemd-cryptsetup-generator',
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : files('cryptsetup-generator.c'),
},
]
if conf.get('HAVE_LIBCRYPTSETUP') == 1
# symlink for backwards compatibility after rename
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-cryptsetup',
libexecdir / 'systemd-cryptsetup'))
endif

View File

@ -1,17 +1,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_BLKID') != 1
subdir_done()
endif
executables += [
executable_template + {
'name' : 'systemd-dissect',
'public' : true,
'conditions' : ['HAVE_BLKID'],
'sources' : files('dissect.c'),
},
]
if conf.get('HAVE_BLKID') == 1
install_emptydir(sbindir)
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-dissect',
sbindir / 'mount.ddi'))
endif

View File

@ -1,17 +1,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_ENVIRONMENT_D') != 1
subdir_done()
endif
executables += [
executable_template + {
'name' : '30-systemd-environment-d-generator',
'conditions' : ['ENABLE_ENVIRONMENT_D'],
'sources' : files('environment-d-generator.c'),
'install_dir' : userenvgeneratordir,
},
]
if conf.get('ENABLE_ENVIRONMENT_D') == 1
install_emptydir(environmentdir)
meson.add_install_script(sh, '-c',
ln_s.format(sysconfdir / 'environment',
environmentdir / '99-environment.conf'))
endif

View File

@ -1,9 +1,12 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_HIBERNATE') != 1
subdir_done()
endif
executables += [
generator_template + {
'name' : 'systemd-hibernate-resume-generator',
'conditions' : ['ENABLE_HIBERNATE'],
'sources' : files(
'hibernate-resume-generator.c',
'hibernate-resume-config.c',
@ -11,7 +14,6 @@ executables += [
},
libexec_template + {
'name' : 'systemd-hibernate-resume',
'conditions' : ['ENABLE_HIBERNATE'],
'sources' : files(
'hibernate-resume.c',
'hibernate-resume-config.c',

View File

@ -1,5 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_HOMED') != 1
subdir_done()
endif
systemd_homework_sources = files(
'home-util.c',
'homework-blob.c',
@ -64,7 +68,6 @@ pam_systemd_home_sources = files(
executables += [
libexec_template + {
'name' : 'systemd-homework',
'conditions' : ['ENABLE_HOMED'],
'sources' : systemd_homework_sources,
'link_with' : [
libshared,
@ -82,7 +85,6 @@ executables += [
libexec_template + {
'name' : 'systemd-homed',
'dbus' : true,
'conditions' : ['ENABLE_HOMED'],
'sources' : systemd_homed_sources,
'include_directories' : includes +
include_directories('.'),
@ -96,7 +98,6 @@ executables += [
executable_template + {
'name' : 'homectl',
'public' : true,
'conditions' : ['ENABLE_HOMED'],
'sources' : homectl_sources,
'dependencies' : [
libcrypt,
@ -108,7 +109,6 @@ executables += [
},
test_template + {
'sources' : files('test-homed-regression-31896.c'),
'conditions' : ['ENABLE_HOMED'],
'type' : 'manual',
},
]
@ -116,10 +116,7 @@ executables += [
modules += [
pam_template + {
'name' : 'pam_systemd_home',
'conditions' : [
'ENABLE_HOMED',
'HAVE_PAM',
],
'conditions' : ['HAVE_PAM'],
'sources' : pam_systemd_home_sources,
'dependencies' : [
libcrypt,
@ -131,7 +128,6 @@ modules += [
},
]
if conf.get('ENABLE_HOMED') == 1
install_data('org.freedesktop.home1.conf',
install_dir : dbuspolicydir)
install_data('org.freedesktop.home1.service',
@ -147,4 +143,3 @@ if conf.get('ENABLE_HOMED') == 1
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'homectl',
bindir / 'systemd-home-fallback-shell'))
endif

View File

@ -1,25 +1,25 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_HOSTNAMED') != 1
subdir_done()
endif
executables += [
libexec_template + {
'name' : 'systemd-hostnamed',
'dbus' : true,
'conditions' : ['ENABLE_HOSTNAMED'],
'sources' : files('hostnamed.c'),
},
executable_template + {
'name' : 'hostnamectl',
'public' : true,
'conditions' : ['ENABLE_HOSTNAMED'],
'sources' : files('hostnamectl.c'),
},
]
if conf.get('ENABLE_HOSTNAMED') == 1
install_data('org.freedesktop.hostname1.conf',
install_dir : dbuspolicydir)
install_data('org.freedesktop.hostname1.service',
install_dir : dbussystemservicedir)
install_data('org.freedesktop.hostname1.policy',
install_dir : polkitpolicydir)
endif

View File

@ -1,9 +1,12 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_LIBCRYPTSETUP') != 1
subdir_done()
endif
executables += [
libexec_template + {
'name' : 'systemd-integritysetup',
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : files(
'integrity-util.c',
'integritysetup.c',
@ -12,7 +15,6 @@ executables += [
},
generator_template + {
'name' : 'systemd-integritysetup-generator',
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : files(
'integrity-util.c',
'integritysetup-generator.c',

View File

@ -526,8 +526,8 @@ static void client_context_really_refresh(
client_context_read_basic(c);
(void) client_context_read_label(c, label, label_size);
(void) audit_session_from_pid(c->pid, &c->auditid);
(void) audit_loginuid_from_pid(c->pid, &c->loginuid);
(void) audit_session_from_pid(&PIDREF_MAKE_FROM_PID(c->pid), &c->auditid);
(void) audit_loginuid_from_pid(&PIDREF_MAKE_FROM_PID(c->pid), &c->loginuid);
(void) client_context_read_cgroup(s, c, unit_id);
(void) client_context_read_invocation_id(s, c);

View File

@ -750,7 +750,7 @@ static int ndisc_option_parse_route(Set **options, size_t offset, size_t len, co
usec_t lifetime = unaligned_be32_sec_to_usec(opt + 4, /* max_as_infinity = */ true);
struct in6_addr prefix;
memcpy(&prefix, opt + 8, len - 8);
memcpy_safe(&prefix, opt + 8, len - 8);
in6_addr_mask(&prefix, prefixlen);
return ndisc_option_add_route(options, offset, preference, prefixlen, &prefix, lifetime);

View File

@ -1033,12 +1033,14 @@ global:
sd_varlink_server_listen_fd;
sd_varlink_server_loop_auto;
sd_varlink_server_new;
sd_varlink_server_ref;
sd_varlink_server_set_connections_max;
sd_varlink_server_set_connections_per_uid_max;
sd_varlink_server_set_description;
sd_varlink_server_set_exit_on_idle;
sd_varlink_server_set_userdata;
sd_varlink_server_shutdown;
sd_varlink_server_unref;
sd_varlink_set_allow_fd_passing_input;
sd_varlink_set_allow_fd_passing_output;
sd_varlink_set_description;

View File

@ -9,6 +9,7 @@
BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_UNIT, ENOENT),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_PROCESS, ESRCH),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_UNIT_FOR_PID, ESRCH),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_UNIT_FOR_INVOCATION_ID, ENOENT),
SD_BUS_ERROR_MAP(BUS_ERROR_UNIT_EXISTS, EEXIST),
@ -65,8 +66,6 @@ BUS_ERROR_MAP_ELF_REGISTER const sd_bus_error_map bus_common_errors[] = {
SD_BUS_ERROR_MAP(BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED, EALREADY),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_NTP_SUPPORT, EOPNOTSUPP),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_PROCESS, ESRCH),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_NAME_SERVERS, ESRCH),
SD_BUS_ERROR_MAP(BUS_ERROR_INVALID_REPLY, EINVAL),
SD_BUS_ERROR_MAP(BUS_ERROR_NO_SUCH_RR, ENOENT),

View File

@ -4,6 +4,7 @@
#include "bus-error.h"
#define BUS_ERROR_NO_SUCH_UNIT "org.freedesktop.systemd1.NoSuchUnit"
#define BUS_ERROR_NO_SUCH_PROCESS "org.freedesktop.systemd1.NoSuchProcess"
#define BUS_ERROR_NO_UNIT_FOR_PID "org.freedesktop.systemd1.NoUnitForPID"
#define BUS_ERROR_NO_UNIT_FOR_INVOCATION_ID "org.freedesktop.systemd1.NoUnitForInvocationID"
#define BUS_ERROR_UNIT_EXISTS "org.freedesktop.systemd1.UnitExists"
@ -66,8 +67,6 @@
#define BUS_ERROR_AUTOMATIC_TIME_SYNC_ENABLED "org.freedesktop.timedate1.AutomaticTimeSyncEnabled"
#define BUS_ERROR_NO_NTP_SUPPORT "org.freedesktop.timedate1.NoNTPSupport"
#define BUS_ERROR_NO_SUCH_PROCESS "org.freedesktop.systemd1.NoSuchProcess"
#define BUS_ERROR_NO_NAME_SERVERS "org.freedesktop.resolve1.NoNameServers"
#define BUS_ERROR_INVALID_REPLY "org.freedesktop.resolve1.InvalidReply"
#define BUS_ERROR_NO_SUCH_RR "org.freedesktop.resolve1.NoSuchRR"

View File

@ -1118,7 +1118,7 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, PidRef *pidref, pid_t tid
}
if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
r = audit_session_from_pid(pidref->pid, &c->audit_session_id);
r = audit_session_from_pid(pidref, &c->audit_session_id);
if (r == -ENODATA) {
/* ENODATA means: no audit session id assigned */
c->audit_session_id = AUDIT_SESSION_INVALID;
@ -1131,7 +1131,7 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, PidRef *pidref, pid_t tid
}
if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
r = audit_loginuid_from_pid(pidref->pid, &c->audit_login_uid);
r = audit_loginuid_from_pid(pidref, &c->audit_login_uid);
if (r == -ENODATA) {
/* ENODATA means: no audit login uid assigned */
c->audit_login_uid = UID_INVALID;

View File

@ -3265,7 +3265,7 @@ static sd_varlink_server* varlink_server_destroy(sd_varlink_server *s) {
return mfree(s);
}
DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
static int validate_connection(sd_varlink_server *server, const struct ucred *ucred) {
int allowed = -1;

View File

@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
int pidfd = sd_varlink_get_peer_pidfd(v);
if (pidfd < 0) {
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
return pidfd;
pid_t pid;

View File

@ -1006,7 +1006,7 @@ static int create_session(
"Maximum number of sessions (%" PRIu64 ") reached, refusing further sessions.",
m->sessions_max);
(void) audit_session_from_pid(leader.pid, &audit_id);
(void) audit_session_from_pid(&leader, &audit_id);
if (audit_session_is_valid(audit_id)) {
/* Keep our session IDs and the audit session IDs in sync */

View File

@ -360,7 +360,7 @@ int bus_session_method_kill(sd_bus_message *message, void *userdata, sd_bus_erro
if (r == 0)
return 1; /* Will call us back */
r = session_kill(s, whom, signo);
r = session_kill(s, whom, signo, error);
if (r < 0)
return r;

View File

@ -254,7 +254,7 @@ int session_set_leader_consume(Session *s, PidRef _leader) {
s->leader_fd_saved = true;
}
(void) audit_session_from_pid(s->leader.pid, &s->audit_id);
(void) audit_session_from_pid(&s->leader, &s->audit_id);
return 1;
}
@ -1387,16 +1387,20 @@ SessionState session_get_state(Session *s) {
return SESSION_ONLINE;
}
int session_kill(Session *s, KillWhom whom, int signo) {
int session_kill(Session *s, KillWhom whom, int signo, sd_bus_error *error) {
assert(s);
switch (whom) {
case KILL_ALL:
if (!s->scope)
return -ESRCH;
if (!SESSION_CLASS_WANTS_SCOPE(s->class))
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
"Session '%s' has no associated scope", s->id);
return manager_kill_unit(s->manager, s->scope, KILL_ALL, signo, NULL);
if (!s->scope)
return sd_bus_error_set_errnof(error, ESRCH, "Scope for session '%s' not active", s->id);
return manager_kill_unit(s->manager, s->scope, KILL_ALL, signo, error);
case KILL_LEADER:
return pidref_kill(&s->leader, signo);

View File

@ -191,7 +191,7 @@ int session_finalize(Session *s);
int session_release(Session *s);
int session_save(Session *s);
int session_load(Session *s);
int session_kill(Session *s, KillWhom whom, int signo);
int session_kill(Session *s, KillWhom whom, int signo, sd_bus_error *error);
SessionState session_get_state(Session *u);

View File

@ -1,17 +1,18 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_KMOD') != 1
subdir_done()
endif
executables += [
libexec_template + {
'name' : 'systemd-modules-load',
'conditions' : ['HAVE_KMOD'],
'sources' : files('modules-load.c'),
'dependencies' : libkmod_cflags,
},
]
if conf.get('HAVE_KMOD') == 1
install_emptydir(modulesloaddir)
if install_sysconfdir
install_emptydir(sysconfdir / 'modules-load.d')
endif
endif

View File

@ -1,5 +1,9 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_MOUNTFSD') != 1
subdir_done()
endif
systemd_mountwork_sources = files(
'mountwork.c',
)
@ -12,12 +16,10 @@ systemd_mountfsd_sources = files(
executables += [
libexec_template + {
'name' : 'systemd-mountfsd',
'conditions' : ['ENABLE_MOUNTFSD'],
'sources' : systemd_mountfsd_sources,
},
libexec_template + {
'name' : 'systemd-mountwork',
'conditions' : ['ENABLE_MOUNTFSD'],
'sources' : systemd_mountwork_sources,
},
]

View File

@ -276,7 +276,6 @@ static int vl_method_mount_image(
Hashmap **polkit_registry = ASSERT_PTR(userdata);
_cleanup_free_ char *ps = NULL;
bool image_is_trusted = false;
uid_t peer_uid;
int r;
assert(link);
@ -284,10 +283,6 @@ static int vl_method_mount_image(
sd_json_variant_sensitive(parameters); /* might contain passwords */
r = sd_varlink_get_peer_uid(link, &peer_uid);
if (r < 0)
return log_debug_errno(r, "Failed to get client UID: %m");
r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
if (r != 0)
return r;
@ -527,17 +522,13 @@ static int vl_method_mount_image(
loop_device_relinquish(loop);
r = sd_varlink_replybo(
return sd_varlink_replybo(
link,
SD_JSON_BUILD_PAIR("partitions", SD_JSON_BUILD_VARIANT(aj)),
SD_JSON_BUILD_PAIR("imagePolicy", SD_JSON_BUILD_STRING(ps)),
SD_JSON_BUILD_PAIR("imageSize", SD_JSON_BUILD_INTEGER(di->image_size)),
SD_JSON_BUILD_PAIR("sectorSize", SD_JSON_BUILD_INTEGER(di->sector_size)),
SD_JSON_BUILD_PAIR_CONDITION(!sd_id128_is_null(di->image_uuid), "imageUuid", SD_JSON_BUILD_UUID(di->image_uuid)));
if (r < 0)
return r;
return r;
}
static int process_connection(sd_varlink_server *server, int _fd) {

View File

@ -76,6 +76,7 @@ sources = files(
'networkd-route-nexthop.c',
'networkd-route-util.c',
'networkd-routing-policy-rule.c',
'networkd-serialize.c',
'networkd-setlink.c',
'networkd-speed-meter.c',
'networkd-sriov.c',

View File

@ -72,4 +72,5 @@ const NetDevVTable bare_udp_vtable = {
.fill_message_create = netdev_bare_udp_fill_message_create,
.create_type = NETDEV_CREATE_INDEPENDENT,
.iftype = ARPHRD_NONE,
.keep_existing = true,
};

View File

@ -56,13 +56,23 @@ DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_arp_all_targets, bond_arp_all_targets
DEFINE_CONFIG_PARSE_ENUM(config_parse_bond_primary_reselect, bond_primary_reselect, BondPrimaryReselect);
static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
assert(!link);
assert(m);
Bond *b = BOND(netdev);
int r;
if (b->mode != _NETDEV_BOND_MODE_INVALID) {
assert(netdev->manager);
assert(!link);
assert(m);
if (netdev->ifindex > 0) {
r = link_get_by_index(netdev->manager, netdev->ifindex, &link);
if (r < 0)
return r;
}
bool up = link && FLAGS_SET(link->flags, IFF_UP);
bool has_slaves = link && !set_isempty(link->slaves);
if (b->mode != _NETDEV_BOND_MODE_INVALID && !up && !has_slaves) {
r = sd_netlink_message_append_u8(m, IFLA_BOND_MODE, b->mode);
if (r < 0)
return r;
@ -75,7 +85,8 @@ static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlin
}
if (b->lacp_rate != _NETDEV_BOND_LACP_RATE_INVALID &&
b->mode == NETDEV_BOND_MODE_802_3AD) {
b->mode == NETDEV_BOND_MODE_802_3AD &&
!up) {
r = sd_netlink_message_append_u8(m, IFLA_BOND_AD_LACP_RATE, b->lacp_rate);
if (r < 0)
return r;
@ -119,14 +130,16 @@ static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlin
}
if (b->ad_select != _NETDEV_BOND_AD_SELECT_INVALID &&
b->mode == NETDEV_BOND_MODE_802_3AD) {
b->mode == NETDEV_BOND_MODE_802_3AD &&
!up) {
r = sd_netlink_message_append_u8(m, IFLA_BOND_AD_SELECT, b->ad_select);
if (r < 0)
return r;
}
if (b->fail_over_mac != _NETDEV_BOND_FAIL_OVER_MAC_INVALID &&
b->mode == NETDEV_BOND_MODE_ACTIVE_BACKUP) {
b->mode == NETDEV_BOND_MODE_ACTIVE_BACKUP &&
!has_slaves) {
r = sd_netlink_message_append_u8(m, IFLA_BOND_FAIL_OVER_MAC, b->fail_over_mac);
if (r < 0)
return r;
@ -181,7 +194,7 @@ static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlin
return r;
}
if (b->ad_user_port_key != 0) {
if (b->ad_user_port_key != 0 && !up) {
r = sd_netlink_message_append_u16(m, IFLA_BOND_AD_USER_PORT_KEY, b->ad_user_port_key);
if (r < 0)
return r;
@ -197,7 +210,7 @@ static int netdev_bond_fill_message_create(NetDev *netdev, Link *link, sd_netlin
if (r < 0)
return r;
if (b->tlb_dynamic_lb >= 0) {
if (b->tlb_dynamic_lb >= 0 && !up) {
r = sd_netlink_message_append_u8(m, IFLA_BOND_TLB_DYNAMIC_LB, b->tlb_dynamic_lb);
if (r < 0)
return r;

View File

@ -281,12 +281,17 @@ static void bridge_init(NetDev *netdev) {
b->ageing_time = USEC_INFINITY;
}
static bool bridge_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_addr) {
return true;
}
const NetDevVTable bridge_vtable = {
.object_size = sizeof(Bridge),
.init = bridge_init,
.sections = NETDEV_COMMON_SECTIONS "Bridge\0",
.post_create = netdev_bridge_post_create,
.create_type = NETDEV_CREATE_INDEPENDENT,
.can_set_mac = bridge_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};

View File

@ -4,10 +4,15 @@
#include "dummy.h"
static bool dummy_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_addr) {
return true;
}
const NetDevVTable dummy_vtable = {
.object_size = sizeof(Dummy),
.sections = NETDEV_COMMON_SECTIONS,
.create_type = NETDEV_CREATE_INDEPENDENT,
.can_set_mac = dummy_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};

View File

@ -254,6 +254,10 @@ static int netdev_geneve_verify(NetDev *netdev, const char *filename) {
return 0;
}
static bool geneve_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_addr) {
return true;
}
static void geneve_init(NetDev *netdev) {
Geneve *v = GENEVE(netdev);
@ -272,6 +276,7 @@ const NetDevVTable geneve_vtable = {
.fill_message_create = netdev_geneve_fill_message_create,
.create_type = NETDEV_CREATE_INDEPENDENT,
.config_verify = netdev_geneve_verify,
.can_set_mac = geneve_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};

View File

@ -60,6 +60,7 @@ const NetDevVTable ipvlan_vtable = {
.can_set_mac = ipvlan_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
.keep_existing = true,
};
const NetDevVTable ipvtap_vtable = {
@ -71,6 +72,7 @@ const NetDevVTable ipvtap_vtable = {
.can_set_mac = ipvlan_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
.keep_existing = true,
};
IPVlanMode link_get_ipvlan_mode(Link *link) {

View File

@ -178,6 +178,7 @@ const NetDevVTable macvtap_vtable = {
.create_type = NETDEV_CREATE_STACKED,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
.keep_existing = true,
};
const NetDevVTable macvlan_vtable = {
@ -189,4 +190,5 @@ const NetDevVTable macvlan_vtable = {
.create_type = NETDEV_CREATE_STACKED,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
.keep_existing = true,
};

View File

@ -400,7 +400,7 @@ int netdev_enter_ready(NetDev *netdev) {
assert(netdev);
assert(netdev->ifname);
if (netdev->state != NETDEV_STATE_CREATING)
if (!IN_SET(netdev->state, NETDEV_STATE_LOADING, NETDEV_STATE_CREATING))
return 0;
netdev->state = NETDEV_STATE_READY;
@ -432,18 +432,17 @@ static int netdev_create_handler(sd_netlink *rtnl, sd_netlink_message *m, NetDev
assert(netdev->state != _NETDEV_STATE_INVALID);
r = sd_netlink_message_get_errno(m);
if (r == -EEXIST)
log_netdev_info(netdev, "netdev exists, using existing without changing its parameters");
else if (r < 0) {
log_netdev_warning_errno(netdev, r, "netdev could not be created: %m");
if (r >= 0)
log_netdev_debug(netdev, "Created.");
else if (r == -EEXIST && netdev->ifindex > 0)
log_netdev_debug(netdev, "Already exists.");
else {
log_netdev_warning_errno(netdev, r, "Failed to create netdev: %m");
netdev_enter_failed(netdev);
return 1;
return 0;
}
log_netdev_debug(netdev, "Created");
return 1;
return netdev_enter_ready(netdev);
}
int netdev_set_ifindex_internal(NetDev *netdev, int ifindex) {
@ -464,8 +463,6 @@ int netdev_set_ifindex_internal(NetDev *netdev, int ifindex) {
}
static int netdev_set_ifindex_impl(NetDev *netdev, const char *name, int ifindex) {
int r;
assert(netdev);
assert(name);
assert(ifindex > 0);
@ -478,11 +475,7 @@ static int netdev_set_ifindex_impl(NetDev *netdev, const char *name, int ifindex
"Received netlink message with unexpected interface name %s (ifindex=%i).",
name, ifindex);
r = netdev_set_ifindex_internal(netdev, ifindex);
if (r <= 0)
return r;
return netdev_enter_ready(netdev);
return netdev_set_ifindex_internal(netdev, ifindex);
}
int netdev_set_ifindex(NetDev *netdev, sd_netlink_message *message) {
@ -636,15 +629,32 @@ finalize:
static bool netdev_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_addr) {
assert(netdev);
assert(netdev->manager);
assert(hw_addr);
if (hw_addr->length <= 0)
return false;
if (!NETDEV_VTABLE(netdev)->can_set_mac)
return true;
Link *link;
if (link_get_by_index(netdev->manager, netdev->ifindex, &link) < 0)
return true; /* The netdev does not exist yet. We can set MAC address. */
if (hw_addr_equal(&link->hw_addr, hw_addr))
return false; /* Unchanged, not necessary to set. */
/* Some netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan.
* Some other netdevs have the IFF_LIVE_ADDR_CHANGE flag and can update update MAC address even if
* the interface is running, e.g. dummy. For those cases, use custom checkers. */
if (NETDEV_VTABLE(netdev)->can_set_mac)
return NETDEV_VTABLE(netdev)->can_set_mac(netdev, hw_addr);
/* Before ad72c4a06acc6762e84994ac2f722da7a07df34e and 0ec92a8f56ff07237dbe8af7c7a72aba7f957baf
* (both in v6.5), the kernel refuse to set MAC address for existing netdevs even if it is unchanged.
* So, by default, do not update MAC address if the it is running. See eth_prepare_mac_addr_change(),
* which is called by eth_mac_addr(). Note, the result of netif_running() is mapped to operstate
* and flags. See rtnl_fill_ifinfo() and dev_get_flags(). */
return link->kernel_operstate == IF_OPER_DOWN &&
(link->flags & (IFF_RUNNING | IFF_LOWER_UP | IFF_DORMANT)) == 0;
}
static bool netdev_can_set_mtu(NetDev *netdev, uint32_t mtu) {
@ -653,18 +663,35 @@ static bool netdev_can_set_mtu(NetDev *netdev, uint32_t mtu) {
if (mtu <= 0)
return false;
if (!NETDEV_VTABLE(netdev)->can_set_mtu)
return true;
Link *link;
if (link_get_by_index(netdev->manager, netdev->ifindex, &link) < 0)
return true; /* The netdev does not exist yet. We can set MTU. */
if (mtu < link->min_mtu || link->max_mtu < mtu)
return false; /* The MTU is out of range. */
if (link->mtu == mtu)
return false; /* Unchanged, not necessary to set. */
/* Some netdevs cannot change MTU, e.g. vxlan. Let's use the custom checkers in such cases. */
if (NETDEV_VTABLE(netdev)->can_set_mtu)
return NETDEV_VTABLE(netdev)->can_set_mtu(netdev, mtu);
/* By default, allow to update the MTU. */
return true;
}
static int netdev_create_message(NetDev *netdev, Link *link, sd_netlink_message *m) {
int r;
if (netdev->ifindex <= 0) {
/* Set interface name when it is newly created. Otherwise, the kernel older than
* bd039b5ea2a91ea707ee8539df26456bd5be80af (v6.2) will refuse the netlink message even if
* the name is unchanged. */
r = sd_netlink_message_append_string(m, IFLA_IFNAME, netdev->ifname);
if (r < 0)
return r;
}
struct hw_addr_data hw_addr;
r = netdev_generate_hw_addr(netdev, link, netdev->ifname, &netdev->hw_addr, &hw_addr);
@ -827,7 +854,16 @@ static int stacked_netdev_process_request(Request *req, Link *link, void *userda
assert(link);
if (!netdev_is_managed(netdev))
return 1; /* Already detached, due to e.g. reloading .netdev files, cancelling the request. */
goto cancelled; /* Already detached, due to e.g. reloading .netdev files, cancelling the request. */
if (NETDEV_VTABLE(netdev)->keep_existing && netdev->ifindex > 0) {
/* Already exists, and the netdev does not support updating, entering the ready state. */
r = netdev_enter_ready(netdev);
if (r < 0)
return r;
goto cancelled;
}
r = netdev_is_ready_to_create(netdev, link);
if (r <= 0)
@ -838,21 +874,41 @@ static int stacked_netdev_process_request(Request *req, Link *link, void *userda
return log_netdev_warning_errno(netdev, r, "Failed to create netdev: %m");
return 1;
cancelled:
assert_se(TAKE_PTR(req->counter) == &link->create_stacked_netdev_messages);
link->create_stacked_netdev_messages--;
if (link->create_stacked_netdev_messages == 0) {
link->stacked_netdevs_created = true;
log_link_debug(link, "Stacked netdevs created.");
link_check_ready(link);
}
return 1;
}
static int create_stacked_netdev_handler(sd_netlink *rtnl, sd_netlink_message *m, Request *req, Link *link, void *userdata) {
NetDev *netdev = ASSERT_PTR(userdata);
int r;
assert(m);
assert(link);
r = sd_netlink_message_get_errno(m);
if (r < 0 && r != -EEXIST) {
log_link_message_warning_errno(link, m, r, "Could not create stacked netdev");
if (r >= 0)
log_netdev_debug(netdev, "Created.");
else if (r == -EEXIST && netdev->ifindex > 0)
log_netdev_debug(netdev, "Already exists.");
else {
log_netdev_warning_errno(netdev, r, "Failed to create netdev: %m");
netdev_enter_failed(netdev);
link_enter_failed(link);
return 0;
}
(void) netdev_enter_ready(netdev);
if (link->create_stacked_netdev_messages == 0) {
link->stacked_netdevs_created = true;
log_link_debug(link, "Stacked netdevs created.");
@ -901,6 +957,15 @@ static int independent_netdev_process_request(Request *req, Link *link, void *us
if (!netdev_is_managed(netdev))
return 1; /* Already detached, due to e.g. reloading .netdev files, cancelling the request. */
if (NETDEV_VTABLE(netdev)->keep_existing && netdev->ifindex > 0) {
/* Already exists, and the netdev does not support updating, entering the ready state. */
r = netdev_enter_ready(netdev);
if (r < 0)
return r;
return 1; /* Skip this request. */
}
r = netdev_is_ready_to_create(netdev, NULL);
if (r <= 0)
return r;
@ -930,21 +995,9 @@ static int netdev_request_to_create(NetDev *netdev) {
if (netdev->state != NETDEV_STATE_LOADING)
return 0; /* Already configured (at least tried previously). Not necessary to reconfigure. */
r = netdev_is_ready_to_create(netdev, NULL);
if (r < 0)
return r;
if (r > 0) {
/* If the netdev has no dependency, then create it now. */
r = independent_netdev_create(netdev);
if (r < 0)
return log_netdev_warning_errno(netdev, r, "Failed to create netdev: %m");
} else {
/* Otherwise, wait for the dependencies being resolved. */
r = netdev_queue_request(netdev, independent_netdev_process_request, NULL);
if (r < 0)
return log_netdev_warning_errno(netdev, r, "Failed to request to create netdev: %m");
}
return 0;
}

View File

@ -199,6 +199,10 @@ typedef struct NetDevVTable {
/* When assigning ifindex to the netdev, skip to check if the netdev kind matches. */
bool skip_netdev_kind_check;
/* Provides if the netdev can be updated, that is, whether RTM_NEWLINK with existing ifindex is supported or not.
* If this is true, the netdev does not support updating. */
bool keep_existing;
} NetDevVTable;
extern const NetDevVTable * const netdev_vtable[_NETDEV_KIND_MAX];

View File

@ -4,10 +4,15 @@
#include "netdevsim.h"
static bool netdevsim_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_addr) {
return true;
}
const NetDevVTable netdevsim_vtable = {
.object_size = sizeof(NetDevSim),
.sections = NETDEV_COMMON_SECTIONS,
.create_type = NETDEV_CREATE_INDEPENDENT,
.can_set_mac = netdevsim_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};

View File

@ -1119,6 +1119,11 @@ static void netdev_tunnel_init(NetDev *netdev) {
t->ttl = DEFAULT_IPV6_TTL;
}
static bool tunnel_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_addr) {
assert(IN_SET(netdev->kind, NETDEV_KIND_GRETAP, NETDEV_KIND_IP6GRETAP, NETDEV_KIND_ERSPAN));
return true;
}
const NetDevVTable ipip_vtable = {
.object_size = sizeof(Tunnel),
.init = netdev_tunnel_init,
@ -1188,6 +1193,7 @@ const NetDevVTable gretap_vtable = {
.is_ready_to_create = netdev_tunnel_is_ready_to_create,
.config_verify = netdev_tunnel_verify,
.needs_reconfigure = tunnel_needs_reconfigure,
.can_set_mac = tunnel_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};
@ -1213,6 +1219,7 @@ const NetDevVTable ip6gretap_vtable = {
.is_ready_to_create = netdev_tunnel_is_ready_to_create,
.config_verify = netdev_tunnel_verify,
.needs_reconfigure = tunnel_needs_reconfigure,
.can_set_mac = tunnel_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};
@ -1238,6 +1245,7 @@ const NetDevVTable erspan_vtable = {
.is_ready_to_create = netdev_tunnel_is_ready_to_create,
.config_verify = netdev_tunnel_verify,
.needs_reconfigure = tunnel_needs_reconfigure,
.can_set_mac = tunnel_can_set_mac,
.iftype = ARPHRD_ETHER,
.generate_mac = true,
};

View File

@ -36,15 +36,33 @@ static TunTap* TUNTAP(NetDev *netdev) {
DEFINE_PRIVATE_HASH_OPS_FULL(named_fd_hash_ops, char, string_hash_func, string_compare_func, free, void, close_fd_ptr);
int manager_add_tuntap_fd(Manager *m, int fd, const char *name) {
static int manager_add_tuntap_fd_impl(Manager *m, int fd, const char *name) {
_cleanup_free_ char *tuntap_name = NULL;
const char *p;
int r;
assert(m);
assert(fd >= 0);
assert(name);
tuntap_name = strdup(name);
if (!tuntap_name)
return log_oom_debug();
r = hashmap_ensure_put(&m->tuntap_fds_by_name, &named_fd_hash_ops, tuntap_name, FD_TO_PTR(fd));
if (r < 0)
return log_debug_errno(r, "Failed to store tuntap fd: %m");
TAKE_PTR(tuntap_name);
return 0;
}
int manager_add_tuntap_fd(Manager *m, int fd, const char *name) {
const char *p;
assert(m);
assert(fd >= 0);
assert(name);
p = startswith(name, "tuntap-");
if (!p)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Received unknown fd (%s).", name);
@ -52,65 +70,75 @@ int manager_add_tuntap_fd(Manager *m, int fd, const char *name) {
if (!ifname_valid(p))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Received tuntap fd with invalid name (%s).", p);
tuntap_name = strdup(p);
if (!tuntap_name)
return log_oom_debug();
return manager_add_tuntap_fd_impl(m, fd, p);
}
r = hashmap_ensure_put(&m->tuntap_fds_by_name, &named_fd_hash_ops, tuntap_name, FD_TO_PTR(fd));
if (r < 0)
return log_debug_errno(r, "Failed to store tuntap fd: %m");
static int netdev_take_tuntap_fd(Manager *m, const char *ifname) {
_unused_ _cleanup_free_ char *name = NULL;
void *p;
TAKE_PTR(tuntap_name);
assert(m);
assert(ifname);
p = hashmap_remove2(m->tuntap_fds_by_name, ifname, (void**) &name);
if (!p)
return -EBADF;
return PTR_TO_FD(p);
}
static int netdev_push_tuntap_fd(NetDev *netdev, int fd) {
_unused_ _cleanup_close_ int fd_old = -EBADF;
int r;
assert(netdev->manager);
fd_old = netdev_take_tuntap_fd(netdev->manager, netdev->ifname);
if (!TUNTAP(netdev)->keep_fd)
return 0;
r = manager_add_tuntap_fd_impl(netdev->manager, fd, netdev->ifname);
if (r < 0)
return r;
(void) notify_push_fdf(fd, "tuntap-%s", netdev->ifname);
return 1; /* saved */
}
static void manager_close_and_notify_tuntap_fd(Manager *m, const char *ifname) {
assert(m);
assert(ifname);
/* netdev_take_tuntap_fd() may invalidate ifname. Hence, need to create fdname earlier. */
const char *fdname = strjoina("tuntap-", ifname);
close_and_notify_warn(netdev_take_tuntap_fd(m, ifname), fdname);
}
void manager_clear_unmanaged_tuntap_fds(Manager *m) {
char *name;
const char *name;
void *p;
assert(m);
while ((p = hashmap_steal_first_key_and_value(m->tuntap_fds_by_name, (void**) &name))) {
close_and_notify_warn(PTR_TO_FD(p), name);
name = mfree(name);
HASHMAP_FOREACH_KEY(p, name, m->tuntap_fds_by_name) {
NetDev *netdev;
if (netdev_get(m, name, &netdev) < 0 ||
!IN_SET(netdev->kind, NETDEV_KIND_TAP, NETDEV_KIND_TUN) ||
!TUNTAP(netdev)->keep_fd)
manager_close_and_notify_tuntap_fd(m, name);
}
}
static int tuntap_take_fd(NetDev *netdev) {
_cleanup_free_ char *name = NULL;
void *p;
int r;
assert(netdev);
assert(netdev->manager);
r = link_get_by_name(netdev->manager, netdev->ifname, NULL);
if (r < 0)
return r;
p = hashmap_remove2(netdev->manager->tuntap_fds_by_name, netdev->ifname, (void**) &name);
if (!p)
return -ENOENT;
log_netdev_debug(netdev, "Found file descriptor in fd store.");
return PTR_TO_FD(p);
}
static int netdev_create_tuntap(NetDev *netdev) {
_cleanup_close_ int fd = -EBADF;
struct ifreq ifr = {};
TunTap *t;
TunTap *t = TUNTAP(netdev);
int r;
assert(netdev);
assert(netdev->manager);
t = TUNTAP(netdev);
assert(t);
fd = TAKE_FD(t->fd);
if (fd < 0)
fd = tuntap_take_fd(netdev);
if (fd < 0)
fd = open(TUN_DEV, O_RDWR|O_CLOEXEC);
if (fd < 0)
return log_netdev_error_errno(netdev, errno, "Failed to open " TUN_DEV ": %m");
@ -175,42 +203,25 @@ static int netdev_create_tuntap(NetDev *netdev) {
if (ioctl(fd, TUNSETPERSIST, 1) < 0)
return log_netdev_error_errno(netdev, errno, "TUNSETPERSIST failed: %m");
if (t->keep_fd) {
t->fd = TAKE_FD(fd);
(void) notify_push_fdf(t->fd, "tuntap-%s", netdev->ifname);
}
r = netdev_push_tuntap_fd(netdev, fd);
if (r < 0)
return log_netdev_warning_errno(netdev, r, "Failed to save TUN/TAP fd: %m");
if (r > 0)
TAKE_FD(fd);
netdev_enter_ready(netdev);
return 0;
}
static void tuntap_init(NetDev *netdev) {
TunTap *t;
assert(netdev);
t = TUNTAP(netdev);
assert(t);
t->fd = -EBADF;
}
static void tuntap_drop(NetDev *netdev) {
TunTap *t;
assert(netdev);
t = TUNTAP(netdev);
assert(t);
t->fd = close_and_notify_warn(t->fd, netdev->ifname);
manager_close_and_notify_tuntap_fd(netdev->manager, netdev->ifname);
}
static void tuntap_done(NetDev *netdev) {
TunTap *t;
TunTap *t = TUNTAP(netdev);
assert(netdev);
t = TUNTAP(netdev);
assert(t);
t->fd = safe_close(t->fd);
t->user_name = mfree(t->user_name);
t->group_name = mfree(t->group_name);
}
@ -237,7 +248,6 @@ const NetDevVTable tun_vtable = {
.object_size = sizeof(TunTap),
.sections = NETDEV_COMMON_SECTIONS "Tun\0",
.config_verify = tuntap_verify,
.init = tuntap_init,
.drop = tuntap_drop,
.done = tuntap_done,
.create = netdev_create_tuntap,
@ -249,7 +259,6 @@ const NetDevVTable tap_vtable = {
.object_size = sizeof(TunTap),
.sections = NETDEV_COMMON_SECTIONS "Tap\0",
.config_verify = tuntap_verify,
.init = tuntap_init,
.drop = tuntap_drop,
.done = tuntap_done,
.create = netdev_create_tuntap,

View File

@ -8,7 +8,6 @@ typedef struct TunTap TunTap;
struct TunTap {
NetDev meta;
int fd;
char *user_name;
char *group_name;
bool multi_queue;

Some files were not shown because too many files have changed in this diff Show More