Compare commits
10 Commits
34a4eff47c
...
f81190fdd1
Author | SHA1 | Date |
---|---|---|
Ani Sinha | f81190fdd1 | |
Christian Hesse | c946b13575 | |
Lennart Poettering | e39cbb1442 | |
Marco Tomaschett | bc4a027f9c | |
Lennart Poettering | d209e197f8 | |
Antonio Alvarez Feijoo | 9ed090230e | |
Lennart Poettering | 47c5ca237b | |
Lennart Poettering | 7f8a4f12df | |
Lennart Poettering | e412fc5e04 | |
Ani Sinha | 9f026bfd96 |
|
@ -953,6 +953,15 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
|
||||||
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
||||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||||
|
|
||||||
|
#########################################
|
||||||
|
# Pine64
|
||||||
|
#########################################
|
||||||
|
|
||||||
|
# PineTab2
|
||||||
|
|
||||||
|
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
|
||||||
|
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
# Pipo
|
# Pipo
|
||||||
#########################################
|
#########################################
|
||||||
|
|
|
@ -75,6 +75,9 @@
|
||||||
<listitem><para>An optional <literal>.ucode</literal> section with an initrd containing microcode, to
|
<listitem><para>An optional <literal>.ucode</literal> section with an initrd containing microcode, to
|
||||||
be handed to the kernel before any other initrd. This initrd must not be compressed.</para></listitem>
|
be handed to the kernel before any other initrd. This initrd must not be compressed.</para></listitem>
|
||||||
|
|
||||||
|
<listitem><para>An optional <literal>.fmw</literal> section with the firmware image.
|
||||||
|
</para></listitem>
|
||||||
|
|
||||||
<listitem><para>An optional <literal>.splash</literal> section with an image (in the Windows
|
<listitem><para>An optional <literal>.splash</literal> section with an image (in the Windows
|
||||||
<filename>.BMP</filename> format) to show on screen before invoking the kernel.</para></listitem>
|
<filename>.BMP</filename> format) to show on screen before invoking the kernel.</para></listitem>
|
||||||
|
|
||||||
|
|
|
@ -23,5 +23,6 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
|
||||||
[UNIFIED_SECTION_PROFILE] = ".profile",
|
[UNIFIED_SECTION_PROFILE] = ".profile",
|
||||||
[UNIFIED_SECTION_DTBAUTO] = ".dtbauto",
|
[UNIFIED_SECTION_DTBAUTO] = ".dtbauto",
|
||||||
[UNIFIED_SECTION_HWIDS] = ".hwids",
|
[UNIFIED_SECTION_HWIDS] = ".hwids",
|
||||||
|
[UNIFIED_SECTION_FIRMWARE] = ".fmw",
|
||||||
NULL,
|
NULL,
|
||||||
};
|
};
|
||||||
|
|
|
@ -20,6 +20,7 @@ typedef enum UnifiedSection {
|
||||||
UNIFIED_SECTION_PROFILE,
|
UNIFIED_SECTION_PROFILE,
|
||||||
UNIFIED_SECTION_DTBAUTO,
|
UNIFIED_SECTION_DTBAUTO,
|
||||||
UNIFIED_SECTION_HWIDS,
|
UNIFIED_SECTION_HWIDS,
|
||||||
|
UNIFIED_SECTION_FIRMWARE,
|
||||||
_UNIFIED_SECTION_MAX,
|
_UNIFIED_SECTION_MAX,
|
||||||
} UnifiedSection;
|
} UnifiedSection;
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
|
||||||
|
|
||||||
int pidfd = sd_varlink_get_peer_pidfd(v);
|
int pidfd = sd_varlink_get_peer_pidfd(v);
|
||||||
if (pidfd < 0) {
|
if (pidfd < 0) {
|
||||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
|
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
|
||||||
return pidfd;
|
return pidfd;
|
||||||
|
|
||||||
pid_t pid;
|
pid_t pid;
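Review bot: The new `pidfd != -EINVAL` exemption in `varlink_get_peer_pidref()` has no comment saying which failure of `sd_varlink_get_peer_pidfd()` it is meant to tolerate. -EINVAL is also the usual return for a bad argument, so a caller bug would now be swallowed instead of returned. The `pid_t pid;` that follows suggests the fallback identifies the peer by PID (the rest of the function is outside the hunk); a PID can be recycled, so that path is weaker than a pidfd wherever the resulting PidRef feeds an access decision. I would add a comment above the condition, e.g. `/* -EINVAL is returned when <condition>; treat it like "not supported" and fall back to the PID */`. If that condition can be told apart from an invalid `v`, test for it explicitly rather than by errno value.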
|
||||||
|
|
|
@ -104,6 +104,7 @@ static int help(int argc, char *argv[], void *userdata) {
|
||||||
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
" --linux=PATH Path to Linux kernel image file %7$s .linux\n"
|
||||||
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
" --osrel=PATH Path to os-release file %7$s .osrel\n"
|
||||||
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
" --cmdline=PATH Path to file with kernel command line %7$s .cmdline\n"
|
||||||
|
" --firmware=PATH Path to firmware image file %7$s .fmw\n"
|
||||||
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
" --initrd=PATH Path to initrd image file %7$s .initrd\n"
|
||||||
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
" --ucode=PATH Path to microcode image file %7$s .ucode\n"
|
||||||
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
" --splash=PATH Path to splash bitmap file %7$s .splash\n"
|
||||||
|
@ -158,8 +159,9 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
ARG_PCRPKEY,
|
ARG_PCRPKEY,
|
||||||
ARG_PROFILE,
|
ARG_PROFILE,
|
||||||
ARG_HWIDS,
|
ARG_HWIDS,
|
||||||
|
ARG_DTBAUTO,
|
||||||
_ARG_SECTION_LAST,
|
_ARG_SECTION_LAST,
|
||||||
ARG_DTBAUTO = _ARG_SECTION_LAST,
|
ARG_FIRMWARE = _ARG_SECTION_LAST,
|
||||||
ARG_BANK,
|
ARG_BANK,
|
||||||
ARG_PRIVATE_KEY,
|
ARG_PRIVATE_KEY,
|
||||||
ARG_PRIVATE_KEY_SOURCE,
|
ARG_PRIVATE_KEY_SOURCE,
|
||||||
|
@ -180,6 +182,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||||
{ "osrel", required_argument, NULL, ARG_OSREL },
|
{ "osrel", required_argument, NULL, ARG_OSREL },
|
||||||
{ "cmdline", required_argument, NULL, ARG_CMDLINE },
|
{ "cmdline", required_argument, NULL, ARG_CMDLINE },
|
||||||
{ "initrd", required_argument, NULL, ARG_INITRD },
|
{ "initrd", required_argument, NULL, ARG_INITRD },
|
||||||
|
{ "firmware", required_argument, NULL, ARG_FIRMWARE },
|
||||||
{ "ucode", required_argument, NULL, ARG_UCODE },
|
{ "ucode", required_argument, NULL, ARG_UCODE },
|
||||||
{ "splash", required_argument, NULL, ARG_SPLASH },
|
{ "splash", required_argument, NULL, ARG_SPLASH },
|
||||||
{ "dtb", required_argument, NULL, ARG_DTB },
|
{ "dtb", required_argument, NULL, ARG_DTB },
|
||||||
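Review bot: The option enum in `parse_argv()` now reads `ARG_PROFILE, ARG_HWIDS, ARG_DTBAUTO, _ARG_SECTION_LAST, ARG_FIRMWARE = _ARG_SECTION_LAST`, while the `UnifiedSection` enum and the `unified_sections[]` table in this same compare order the entries PROFILE, DTBAUTO, HWIDS, FIRMWARE. If the option value is turned into a section index by position (the `_ARG_SECTION_LAST` sentinel suggests so, but the switch is outside these hunks), `--hwids` and `--dtbauto` would be hashed under each other's section name and the predicted PCR value would not match what is measured at boot. I would swap the two to `ARG_DTBAUTO, ARG_HWIDS,` and add `/* Must stay in the same order as UnifiedSection */` above the section options. A `_Static_assert` comparing the number of section options with `_UNIFIED_SECTION_MAX` would catch the next addition that forgets one side.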
|
|
|
@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
|
||||||
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
||||||
|
|
||||||
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
||||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
|
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
|
||||||
|
|
||||||
/* Default to PCR 7 only */
|
/* Default to PCR 7 only */
|
||||||
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
||||||
|
|
|
@ -242,6 +242,7 @@ class UkifyConfig:
|
||||||
efi_arch: str
|
efi_arch: str
|
||||||
hwids: Path
|
hwids: Path
|
||||||
initrd: list[Path]
|
initrd: list[Path]
|
||||||
|
firmware: Path
|
||||||
join_profiles: list[Path]
|
join_profiles: list[Path]
|
||||||
json: Union[Literal['pretty'], Literal['short'], Literal['off']]
|
json: Union[Literal['pretty'], Literal['short'], Literal['off']]
|
||||||
linux: Optional[Path]
|
linux: Optional[Path]
|
||||||
|
@ -364,6 +365,7 @@ class Uname:
|
||||||
DEFAULT_SECTIONS_TO_SHOW = {
|
DEFAULT_SECTIONS_TO_SHOW = {
|
||||||
'.linux': 'binary',
|
'.linux': 'binary',
|
||||||
'.initrd': 'binary',
|
'.initrd': 'binary',
|
||||||
|
'.fmw': 'binary',
|
||||||
'.ucode': 'binary',
|
'.ucode': 'binary',
|
||||||
'.splash': 'binary',
|
'.splash': 'binary',
|
||||||
'.dtb': 'binary',
|
'.dtb': 'binary',
|
||||||
|
@ -1213,6 +1215,7 @@ def make_uki(opts: UkifyConfig) -> None:
|
||||||
('.splash', opts.splash, True),
|
('.splash', opts.splash, True),
|
||||||
('.pcrpkey', pcrpkey, True),
|
('.pcrpkey', pcrpkey, True),
|
||||||
('.initrd', initrd, True),
|
('.initrd', initrd, True),
|
||||||
|
('.fmw', opts.firmware, True),
|
||||||
('.ucode', opts.microcode, True),
|
('.ucode', opts.microcode, True),
|
||||||
] # fmt: skip
|
] # fmt: skip
|
||||||
|
|
||||||
|
@ -1269,6 +1272,7 @@ def make_uki(opts: UkifyConfig) -> None:
|
||||||
'.osrel',
|
'.osrel',
|
||||||
'.cmdline',
|
'.cmdline',
|
||||||
'.initrd',
|
'.initrd',
|
||||||
|
'.fmw',
|
||||||
'.ucode',
|
'.ucode',
|
||||||
'.splash',
|
'.splash',
|
||||||
'.dtb',
|
'.dtb',
|
||||||
|
@ -1729,6 +1733,12 @@ CONFIG_ITEMS = [
|
||||||
config_key='UKI/Initrd',
|
config_key='UKI/Initrd',
|
||||||
config_push=ConfigItem.config_list_prepend,
|
config_push=ConfigItem.config_list_prepend,
|
||||||
),
|
),
|
||||||
|
ConfigItem(
|
||||||
|
'--firmware',
|
||||||
|
type=Path,
|
||||||
|
help='firmware file [.fmw section]',
|
||||||
|
config_key='UKI/Firmware',
|
||||||
|
),
|
||||||
ConfigItem(
|
ConfigItem(
|
||||||
'--microcode',
|
'--microcode',
|
||||||
metavar='UCODE',
|
metavar='UCODE',
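Review bot: `.fmw` is the first section whose name differs from its systemd-measure option: the help text in this compare pairs `--firmware` with `.fmw`, while the other rows (`--linux`/`.linux`, `--initrd`/`.initrd`, `--ucode`/`.ucode`) use the same word on both sides. If ukify builds the measure command line from section names, and the `True` in `('.fmw', opts.firmware, True)` marks the section as measured (neither is visible in these hunks), the call would pass `--fmw=…`, which the option table does not register. A test that builds a UKI with `--firmware` and PCR signing enabled would confirm this either way. Separately, `firmware: Path` should probably be `firmware: Optional[Path]`, since the new ConfigItem sets no default and the neighbouring `linux: Optional[Path]` is annotated that way.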
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
#include "user-util.h"
|
#include "user-util.h"
|
||||||
#include "userdb.h"
|
#include "userdb.h"
|
||||||
#include "verbs.h"
|
#include "verbs.h"
|
||||||
|
#include "virt.h"
|
||||||
|
|
||||||
static enum {
|
static enum {
|
||||||
OUTPUT_CLASSIC,
|
OUTPUT_CLASSIC,
|
||||||
|
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool test_show_mapped(void) {
|
||||||
|
/* Show mapped user range only in environments where user mapping is a thing. */
|
||||||
|
return running_in_userns() > 0;
|
||||||
|
}
|
||||||
|
|
||||||
static const struct {
|
static const struct {
|
||||||
uid_t first, last;
|
uid_t first, last;
|
||||||
const char *name;
|
const char *name;
|
||||||
UserDisposition disposition;
|
UserDisposition disposition;
|
||||||
|
bool (*test)(void);
|
||||||
} uid_range_table[] = {
|
} uid_range_table[] = {
|
||||||
{
|
{
|
||||||
.first = 1,
|
.first = 1,
|
||||||
|
@ -175,11 +182,12 @@ static const struct {
|
||||||
.last = MAP_UID_MAX,
|
.last = MAP_UID_MAX,
|
||||||
.name = "mapped",
|
.name = "mapped",
|
||||||
.disposition = USER_REGULAR,
|
.disposition = USER_REGULAR,
|
||||||
|
.test = test_show_mapped,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r;
|
int r, n_added = 0;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
|
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (i->test && !i->test())
|
||||||
|
continue;
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " users ",
|
" begin ", i->name, " users ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
|
n_added += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ELEMENTSOF(uid_range_table) * 2;
|
return n_added;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||||
|
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r;
|
int r, n_added = 0;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
FOREACH_ELEMENT(i, uid_range_table) {
|
FOREACH_ELEMENT(i, uid_range_table) {
|
||||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||||
|
|
||||||
|
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
|
||||||
|
continue;
|
||||||
|
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (i->test && !i->test())
|
||||||
|
continue;
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " groups ",
|
" begin ", i->name, " groups ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
|
n_added += 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ELEMENTSOF(uid_range_table) * 2;
|
return n_added;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
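Review bot: `test_show_mapped()` folds a detection failure into "not in a user namespace": `running_in_userns() > 0` is also false for a negative return, so the "mapped" boundary rows vanish without a trace if the check itself fails (assuming errors are reported as negative values, as the `> 0` comparison suggests). A debug message would make that visible, e.g. `r = running_in_userns(); if (r < 0) log_debug_errno(r, "Failed to detect user namespace, not showing mapped range: %m");` before `return r > 0;`. The new `bool (*test)(void);` member would also benefit from a one-line comment saying that NULL means the range is always shown, which is what `if (i->test && !i->test())` implements in both `table_add_uid_boundaries()` and `table_add_gid_boundaries()`.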
|
||||||
|
|
|
@ -13,11 +13,12 @@
|
||||||
|
|
||||||
d /run/lock 0755 root root -
|
d /run/lock 0755 root root -
|
||||||
L /var/lock - - - - ../run/lock
|
L /var/lock - - - - ../run/lock
|
||||||
|
|
||||||
|
{% if HAVE_SYSV_COMPAT %}
|
||||||
{% if CREATE_LOG_DIRS %}
|
{% if CREATE_LOG_DIRS %}
|
||||||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if HAVE_SYSV_COMPAT %}
|
|
||||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||||
# hence without use on SysV-less systems.
|
# hence without use on SysV-less systems.
|
||||||
d /run/lock/subsys 0755 root root -
|
d /run/lock/subsys 0755 root root -
|
||||||
|
|