Compare commits

..

1 Commits

Author SHA1 Message Date
Ani Sinha 9f026bfd96 measure: introduce support for a .fmw section
UKIs container can be used to bundle a firmware image that can be measured and
used on a confidential computing environment. Add support to introduce a .fmw
section in UKI that can be used for a firmware image. ukify tool has been
also changed to support addition of a firmware image in UKI. For example:

ukify.py build \
        --stub ./build/src/boot/efi/linuxx64.efi.stub \
        --linux bzImage \
        --cmdline='blah blah debug' \
        --firmware ~/OVMF.fd \
        --output=root/efi/boot/bootx64.efi

Co-authored-by: harald.hoyer@gmail.com
2024-11-12 15:38:46 +05:30
247 changed files with 103311 additions and 106486 deletions

93
NEWS
View File

@ -399,15 +399,6 @@ CHANGES WITH 257 in spe:
be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs.
* ukify gained a --certificate-provider switch to use an OpenSSL
provider to load the certificate used to sign artifacts, instead of
having to provide the path to a file on disk.
* bootctl, systemd-keyutil, systemd-measure, systemd-repart, and
systemd-sbsign gained a new --certificate-source switch that allows
loading the X.509 certificate from an OpenSSL provider instead of a
file system path.
* systemd-boot's menu will now react to volume up/down rocker presses
the same way as to arrow up/down presses: they move the menu item up
or down. This is useful on device form factors that have only a
@ -446,9 +437,6 @@ CHANGES WITH 257 in spe:
and providers, with pin caching support for PKCS11. ukify supports it
as an alternative to sbsigntool and pesign.
* A new systemd-keyutil tool has been added, that can be used to perform
various operations on private keys and X.509 certificates.
The journal:
* journalctl can now list invocations of a unit with the
@ -764,38 +752,36 @@ CHANGES WITH 257 in spe:
other cases EnterNamespace= might be an suitable approach to acquire
symbolized backtraces.)
Contributions from: 12paper, A. Wilcox, Abderrahim Kitouni,
Adrian Vovk, Alain Greppin, Allison Karlitskaya, Alyssa Ross,
Anders Jonsson, Andika Triwidada, Andres Beltran, Anouk Ceyssens,
Anselm Schueler, Anton Golubev, Antonio Alvarez Feijoo,
Arian van Putten, Arnaud Patard, Arthur Shau, Bastien Nocera,
Benjamin ROBIN, Brenton Simpson, Bryan Gurney, ButterflyOfFire,
Carlo Teubner, Celeste Liu, Chen Guanqiao, Chen Qi, Chengen Du,
Christoph Anton Mitterer, Colin Foster, Collin L,
Cristian Rodríguez, Daan De Meyer, Dan Nicholson, Daniel Dawson,
Daniel Martinez, Daniel P. Berrangé, Daniel Rusek,
Darsey Litzenberger, David Joaquín Shourabi Porcel,
David Michael, David Rheinsberg, David Tardon, Davide Cavalca,
Derek J. Clark, Diego Viola, Dimitrys Meliates, Diogo Ivo,
DocNITE, Dominique Martinet, Dr. David Alan Gilbert,
Edson Juliano Drosdeck, Erik Sjölund, Etienne Champetier,
Etienne Cordonnier, Ettore Atalan, Eugeny Shcheglov, Fabian Vogt,
Filip Lewiński, Florian Schmaus, Franck Bui, Frantisek Sumsal,
Fábio Rodrigues Ribeiro, Gabriel Elyas, Gaël PORTAY,
Giovanni Baratta, Gregor Herburger, Gregory Arenius, GwynBleidD,
Göran Uddeborg, Hans de Goede, Helmut Grohne, Henry Chen,
Ian Abbott, Integral, Ivan Kruglov, Ivan Shapovalov, James Coglan,
James Hilliard, James Muir, Jason Yundt, Jeffrey Bosboom,
Jian Zhang, Johannes Schneider, John A. Leuenhagen,
Jose Ignacio Tornos Martinez, JoseskVolpe, Joshua Grisham,
Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk, Karel Zak,
Kornilios Kourtis, Kuntal Majumder, Lennart Poettering,
Lidong Zhong, Luca Boccassi, Lucas Adriano Salles,
Lucas Werkmeister, Ludwig Nussel, Luke T. Shumaker,
Lukáš Nykrýn, Luna Jernberg, Léane GRASSER, Maanya Goenka,
Mantas Mikulėnas, Marc Reisner, Marcel Hellwig, Marin Kresic,
Marius Hoch, Martin Srebotnjak, Martin Wilck, Mary Strodl,
Matteo Croce, Matthias Lisin, Matthias Schiffer,
Contributions from: A. Wilcox, Abderrahim Kitouni, Adrian Vovk,
Alain Greppin, Allison Karlitskaya, Alyssa Ross, Anders Jonsson,
Andika Triwidada, Andres Beltran, Anouk Ceyssens, Anton Golubev,
Antonio Alvarez Feijoo, Arian van Putten, Arnaud Patard,
Arthur Shau, Bastien Nocera, Benjamin ROBIN, Brenton Simpson,
Bryan Gurney, ButterflyOfFire, Carlo Teubner, Celeste Liu,
Chen Guanqiao, Chen Qi, Chengen Du, Christoph Anton Mitterer,
Colin Foster, Collin L, Cristian Rodríguez, Daan De Meyer,
Dan Nicholson, Daniel Dawson, Daniel Martinez,
Daniel P. Berrangé, Daniel Rusek, Darsey Litzenberger,
David Joaquín Shourabi Porcel, David Michael, David Rheinsberg,
David Tardon, Davide Cavalca, Derek J. Clark, Diego Viola,
Dimitrys Meliates, Diogo Ivo, DocNITE, Dominique Martinet,
Dr. David Alan Gilbert, Edson Juliano Drosdeck, Erik Sjölund,
Etienne Champetier, Etienne Cordonnier, Ettore Atalan,
Eugeny Shcheglov, Fabian Vogt, Filip Lewiński, Florian Schmaus,
Franck Bui, Frantisek Sumsal, Fábio Rodrigues Ribeiro,
Gabriel Elyas, Gaël PORTAY, Giovanni Baratta, Gregor Herburger,
Gregory Arenius, GwynBleidD, Göran Uddeborg, Hans de Goede,
Helmut Grohne, Henry Chen, Ian Abbott, Integral, Ivan Kruglov,
Ivan Shapovalov, James Coglan, James Hilliard, James Muir,
Jason Yundt, Jeffrey Bosboom, Johannes Schneider,
John A. Leuenhagen, Jose Ignacio Tornos Martinez, JoseskVolpe,
Joshua Grisham, Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk,
Karel Zak, Kornilios Kourtis, Kuntal Majumder, Lennart Poettering,
Luca Boccassi, Lucas Adriano Salles, Lucas Werkmeister,
Ludwig Nussel, Luke T. Shumaker, Lukáš Nykrýn, Léane GRASSER,
Maanya Goenka, Mantas Mikulėnas, Marc Reisner, Marcel Hellwig,
Marin Kresic, Marius Hoch, Martin Srebotnjak, Martin Wilck,
Mary Strodl, Matteo Croce, Matthias Lisin, Matthias Schiffer,
Matthieu Baerts (NGI0), Matthieu CHARETTE,
Mauri de Souza Meneguzzo, Maximilian Wilhelm, Merlin Jehli,
Michael Ferrari, Michal Koutný, Michal Sekletár,
@ -809,17 +795,16 @@ CHANGES WITH 257 in spe:
Stuart Hayhurst, Susant Sahani, Takeo Kondo, Temuri Doghonadze,
Thomas Blume, Thorsten Scherer, Tobias Fleig, Tom Coldrick,
Tom Yan, Tomas Bzatek, Topi Miettinen, Uday Shankar,
Valentin David, Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo,
Vladimir Panteleev, Vursc, Will Fancher, WilliButz, Xeonacid,
Yanqing Jing, Yu Watanabe, Yuri Chornoivan, ZHANG Yuntian,
Zbigniew Jędrzejewski-Szmek, Zhou Qiankang, andre4ik3, anonymix007,
bryango, chayleaf, chenjiayi, csp5me, cvlc12, fwfy, hugo303,
jan@neighbourhood.ie, jauge-technica, lumingzh, maia x., marginaldev,
migleeson, nerdopolis, oldherl, pyfisch, q66, rajmohan r, reDBo0n,
rhellstrom, rindeal, samuelvw01, sinus-x, tfg13, vdovhanych, xujing,
Łukasz Stelmach, Štěpán Němec, Дамјан Георгиевски
Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo, Vladimir Panteleev,
Will Fancher, WilliButz, Xeonacid, Yanqing Jing, Yu Watanabe,
Yuri Chornoivan, ZHANG Yuntian, Zbigniew Jędrzejewski-Szmek,
Zhou Qiankang, anonymix007, bryango, chayleaf, chenjiayi, csp5me,
cvlc12, fwfy, hugo303, jan@neighbourhood.ie, jauge-technica, lumingzh,
maia x., marginaldev, migleeson, nerdopolis, oldherl, pyfisch, q66,
rajmohan r, reDBo0n, rhellstrom, rindeal, samuelvw01, sinus-x, tfg13,
vdovhanych, xujing, Łukasz Stelmach, Дамјан Георгиевски
— Edinburgh, 2024-11-15
— Edinburgh, 2024-11-06
CHANGES WITH 256:

16
TODO
View File

@ -129,20 +129,6 @@ Deprecations and removals:
Features:
* Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling
users how to connect to the system via the AF_VSOCK, as per:
https://github.com/systemd/systemd/issues/35071#issuecomment-2462803142
* maybe introduce an OSC sequence that signals when we ask for a password, so
that terminal emulators can maybe connect a password manager or so, and
highlight things specially.
* Port pidref_namespace_open() to use PIDFD_GET_MNT_NAMESPACE and related
ioctls to get nsfds directly from pidfds.
* start using STATX_SUBVOL in btrfs_is_subvol(). Also, make use of it
generically, so that image discovery recognizes bcachefs subvols too.
* format-table: introduce new cell type for strings with ansi sequences in
them. display them in regular output mode (via strip_tab_ansi()), but
suppress them in json mode.
@ -2064,7 +2050,7 @@ Features:
with other units https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/hw-vuln/core-scheduling.rst
- ExtensionImages= deduplication for services is currently only applied to disk images without GPT envelope.
This should be extended to work with proper DDIs too, as well as directory confext/sysext. Moreover,
system-wide confext/sysext should support this too.
system-wide confex/sysext should support this too.
- Pin the mount namespace via FD by sending it back from sd-exec to the manager, and use it
for live mounting, instead of doing it via PID

View File

@ -36123,7 +36123,7 @@ OUI:00A044*
ID_OUI_FROM_DATABASE=NTT IT CO., LTD.
OUI:00A045*
ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH
OUI:00A046*
ID_OUI_FROM_DATABASE=SCITEX CORP. LTD.
@ -40088,9 +40088,6 @@ OUI:044707*
OUI:04472A*
ID_OUI_FROM_DATABASE=Palo Alto Networks
OUI:0447CA*
ID_OUI_FROM_DATABASE=GREE ELECTRIC APPLIANCES, INC. OF ZHUHAI
OUI:04489A*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -40559,9 +40556,6 @@ OUI:04AC44*
OUI:04AEC7*
ID_OUI_FROM_DATABASE=Marquardt
OUI:04B066*
ID_OUI_FROM_DATABASE=Private
OUI:04B0E7*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -43064,30 +43058,12 @@ OUI:0C47A90*
OUI:0C47A91*
ID_OUI_FROM_DATABASE=Shanghai BST Electric Co.,ltd
OUI:0C47A92*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A93*
ID_OUI_FROM_DATABASE=HONGKONG STONEOIM TECHNOLOGY LIMITED
OUI:0C47A94*
ID_OUI_FROM_DATABASE=Private
OUI:0C47A95*
ID_OUI_FROM_DATABASE=Everon Co., Ltd.
OUI:0C47A96*
ID_OUI_FROM_DATABASE=Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
OUI:0C47A97*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A98*
ID_OUI_FROM_DATABASE=Honest Networks LLC
OUI:0C47A99*
ID_OUI_FROM_DATABASE=Shanghai Sigen New Energy Technology Co., Ltd
OUI:0C47A9A*
ID_OUI_FROM_DATABASE=Lens Technology (Xiangtan) Co.,Ltd
@ -43100,9 +43076,6 @@ OUI:0C47A9C*
OUI:0C47A9D*
ID_OUI_FROM_DATABASE=DIG_LINK
OUI:0C47A9E*
ID_OUI_FROM_DATABASE=BGResearch
OUI:0C47C9*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
@ -43625,9 +43598,6 @@ OUI:0C9301*
OUI:0C938F*
ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
OUI:0C93A5*
ID_OUI_FROM_DATABASE=eero inc.
OUI:0C93FB*
ID_OUI_FROM_DATABASE=BNS Solutions
@ -44057,9 +44027,6 @@ OUI:0CEC84*
OUI:0CEC8D*
ID_OUI_FROM_DATABASE=Motorola Mobility LLC, a Lenovo Company
OUI:0CED71*
ID_OUI_FROM_DATABASE=Extreme Networks Headquarters
OUI:0CEDC8*
ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd
@ -46244,9 +46211,6 @@ OUI:147F67*
OUI:147FCE*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:1480CC*
ID_OUI_FROM_DATABASE=Quectel Wireless Solutions Co.,Ltd.
OUI:14825B*
ID_OUI_FROM_DATABASE=Hefei Radio Communication Technology Co., Ltd
@ -47333,9 +47297,6 @@ OUI:1869DA*
OUI:186A81*
ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS
OUI:186BE2*
ID_OUI_FROM_DATABASE=LYLINK LIMITED
OUI:186D99*
ID_OUI_FROM_DATABASE=Adanis Inc.
@ -48599,9 +48560,6 @@ OUI:1C4D70*
OUI:1C4D89*
ID_OUI_FROM_DATABASE=Hangzhou Huacheng Network Technology Co.,Ltd
OUI:1C4EA2*
ID_OUI_FROM_DATABASE=Shenzhen V-Link Technology CO., LTD.
OUI:1C501E*
ID_OUI_FROM_DATABASE=Sunplus Technology Co., Ltd.
@ -48851,9 +48809,6 @@ OUI:1C77F6*
OUI:1C7839*
ID_OUI_FROM_DATABASE=Shenzhen Tencent Computer System Co., Ltd.
OUI:1C784B*
ID_OUI_FROM_DATABASE=Bouffalo Lab (Nanjing) Co., Ltd.
OUI:1C784E*
ID_OUI_FROM_DATABASE=China Mobile Iot Limited company
@ -49190,9 +49145,6 @@ OUI:1C937C*
OUI:1C93C4*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
OUI:1C9468*
ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd
OUI:1C9492*
ID_OUI_FROM_DATABASE=RUAG Schweiz AG
@ -51383,9 +51335,6 @@ OUI:24470E*
OUI:244845*
ID_OUI_FROM_DATABASE=Hangzhou Hikvision Digital Technology Co.,Ltd.
OUI:244885*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:24497B*
ID_OUI_FROM_DATABASE=Innovative Converged Devices Inc
@ -53438,9 +53387,6 @@ OUI:28DB81*
OUI:28DBA7*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:28DE1C*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:28DE59*
ID_OUI_FROM_DATABASE=Domus NTW CORP.
@ -54450,7 +54396,7 @@ OUI:2C691D3*
ID_OUI_FROM_DATABASE=Sunsa, Inc
OUI:2C691D4*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
ID_OUI_FROM_DATABASE=SPEEDTECH CORP.
OUI:2C691D5*
ID_OUI_FROM_DATABASE=LG Electronics Inc.
@ -55226,9 +55172,6 @@ OUI:2CFFEE*
OUI:3000FC*
ID_OUI_FROM_DATABASE=Nokia
OUI:3001AF*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:3003C8*
ID_OUI_FROM_DATABASE=CLOUD NETWORK TECHNOLOGY SINGAPORE PTE. LTD.
@ -56402,9 +56345,6 @@ OUI:30E3D6*
OUI:30E48E*
ID_OUI_FROM_DATABASE=Vodafone UK
OUI:30E4D8*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:30E4DB*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
@ -56420,9 +56360,6 @@ OUI:30E98E*
OUI:30EA26*
ID_OUI_FROM_DATABASE=Sycada BV
OUI:30EB15*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:30EB1F*
ID_OUI_FROM_DATABASE=Skylab M&C Technology Co.,Ltd
@ -57200,9 +57137,6 @@ OUI:346F92*
OUI:346FED*
ID_OUI_FROM_DATABASE=Enovation Controls
OUI:347069*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:347146*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
@ -57953,9 +57887,6 @@ OUI:34F39A*
OUI:34F39B*
ID_OUI_FROM_DATABASE=WizLAN Ltd.
OUI:34F5D7*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:34F62D*
ID_OUI_FROM_DATABASE=SHARP Corporation
@ -58451,9 +58382,6 @@ OUI:384C4F*
OUI:384C90*
ID_OUI_FROM_DATABASE=Commscope
OUI:384DD2*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:384F49*
ID_OUI_FROM_DATABASE=Juniper Networks
@ -60722,9 +60650,6 @@ OUI:3CE624*
OUI:3CE824*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:3CE86E*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:3CE90E*
ID_OUI_FROM_DATABASE=Espressif Inc.
@ -63059,9 +62984,6 @@ OUI:44AAE8*
OUI:44AAF5*
ID_OUI_FROM_DATABASE=Commscope
OUI:44AC85*
ID_OUI_FROM_DATABASE=eero inc.
OUI:44AD19*
ID_OUI_FROM_DATABASE=XINGFEI H.KLIMITED
@ -63434,9 +63356,6 @@ OUI:44F477*
OUI:44F4E7*
ID_OUI_FROM_DATABASE=Cohesity Inc
OUI:44F53E*
ID_OUI_FROM_DATABASE=Earda Technologies co Ltd
OUI:44F770*
ID_OUI_FROM_DATABASE=Beijing Xiaomi Mobile Software Co., Ltd
@ -67529,9 +67448,6 @@ OUI:50E039*
OUI:50E085*
ID_OUI_FROM_DATABASE=Intel Corporate
OUI:50E099*
ID_OUI_FROM_DATABASE=HangZhou Atuo Future Technology Co., Ltd
OUI:50E0C7*
ID_OUI_FROM_DATABASE=TurControlSystme AG
@ -68321,9 +68237,6 @@ OUI:547D40*
OUI:547DCD*
ID_OUI_FROM_DATABASE=Texas Instruments
OUI:547E1A*
ID_OUI_FROM_DATABASE=Kaon Group Co., Ltd.
OUI:547F54*
ID_OUI_FROM_DATABASE=INGENICO
@ -70028,9 +69941,6 @@ OUI:58DB8D*
OUI:58DC6D*
ID_OUI_FROM_DATABASE=Exceptional Innovation, Inc.
OUI:58DF59*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:58E02C*
ID_OUI_FROM_DATABASE=Micro Technic A/S
@ -70175,9 +70085,6 @@ OUI:58F987*
OUI:58F98E*
ID_OUI_FROM_DATABASE=SECUDOS GmbH
OUI:58FB3E*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:58FB84*
ID_OUI_FROM_DATABASE=Intel Corporate
@ -74531,9 +74438,6 @@ OUI:684F64*
OUI:68505D*
ID_OUI_FROM_DATABASE=Halo Technologies
OUI:68508C*
ID_OUI_FROM_DATABASE=Shanghai Sunmi Technology Co.,Ltd.
OUI:685134*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
@ -74945,9 +74849,6 @@ OUI:689A87*
OUI:689AB7*
ID_OUI_FROM_DATABASE=Atelier Vision Corporation
OUI:689B43*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:689C5E*
ID_OUI_FROM_DATABASE=AcSiP Technology Corp.
@ -94557,7 +94458,7 @@ OUI:7CBD06*
ID_OUI_FROM_DATABASE=AE REFUsol
OUI:7CBF77*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
ID_OUI_FROM_DATABASE=SPEEDTECH CORP.
OUI:7CBF88*
ID_OUI_FROM_DATABASE=Mobilicom LTD
@ -95201,9 +95102,6 @@ OUI:802E14*
OUI:802EC3*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:802EDE*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:802FDE*
ID_OUI_FROM_DATABASE=Zurich Instruments AG
@ -95279,9 +95177,6 @@ OUI:803C20*
OUI:803E48*
ID_OUI_FROM_DATABASE=SHENZHEN GONGJIN ELECTRONICS CO.,LT
OUI:803E4F*
ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd.
OUI:803F5D*
ID_OUI_FROM_DATABASE=Winstars Technology Ltd
@ -95531,9 +95426,6 @@ OUI:8077A4*
OUI:807871*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:807933*
ID_OUI_FROM_DATABASE=Aigentec Technology(Zhejiang) Co., Ltd.
OUI:80795D*
ID_OUI_FROM_DATABASE=Infinix mobility limited
@ -97898,9 +97790,6 @@ OUI:884477*
OUI:8844F6*
ID_OUI_FROM_DATABASE=Nokia Corporation
OUI:8845F0*
ID_OUI_FROM_DATABASE=GUANGDONG GENIUS TECHNOLOGY CO., LTD.
OUI:884604*
ID_OUI_FROM_DATABASE=Xiaomi Communications Co Ltd
@ -99683,9 +99572,6 @@ OUI:8C1F64154*
OUI:8C1F64155*
ID_OUI_FROM_DATABASE=SLAT
OUI:8C1F64159*
ID_OUI_FROM_DATABASE=Mediana Co., Ltd.
OUI:8C1F6415A*
ID_OUI_FROM_DATABASE=ASHIDA Electronics Pvt. Ltd
@ -99812,9 +99698,6 @@ OUI:8C1F641B9*
OUI:8C1F641BB*
ID_OUI_FROM_DATABASE=Renwei Electronics Technology (Shenzhen) Co.,LTD.
OUI:8C1F641BC*
ID_OUI_FROM_DATABASE=Transit Solutions, LLC.
OUI:8C1F641BD*
ID_OUI_FROM_DATABASE=DORLET SAU
@ -99914,9 +99797,6 @@ OUI:8C1F64203*
OUI:8C1F64204*
ID_OUI_FROM_DATABASE=castcore
OUI:8C1F64206*
ID_OUI_FROM_DATABASE=KRYFS TECHNOLOGIES PRIVATE LIMITED
OUI:8C1F64208*
ID_OUI_FROM_DATABASE=Sichuan AnSphere Technology Co. Ltd.
@ -100493,9 +100373,6 @@ OUI:8C1F64392*
OUI:8C1F64393*
ID_OUI_FROM_DATABASE=GRE SYSTEM INC.
OUI:8C1F64394*
ID_OUI_FROM_DATABASE=Ceranext Ltd
OUI:8C1F64395*
ID_OUI_FROM_DATABASE=Beijing Ceresdata Technology Co., LTD
@ -100688,9 +100565,6 @@ OUI:8C1F64417*
OUI:8C1F64419*
ID_OUI_FROM_DATABASE=Naval Group
OUI:8C1F6441B*
ID_OUI_FROM_DATABASE=ENERGY POWER PRODUCTS LIMITED
OUI:8C1F6441C*
ID_OUI_FROM_DATABASE=KSE GmbH
@ -102140,9 +102014,6 @@ OUI:8C1F64803*
OUI:8C1F64804*
ID_OUI_FROM_DATABASE=EA Elektro-Automatik
OUI:8C1F64806*
ID_OUI_FROM_DATABASE=Matrixspace
OUI:8C1F64807*
ID_OUI_FROM_DATABASE=GIORDANO CONTROLS SPA
@ -102749,9 +102620,6 @@ OUI:8C1F649B3*
OUI:8C1F649B6*
ID_OUI_FROM_DATABASE=GS Elektromedizinsiche Geräte G. Stemple GmbH
OUI:8C1F649B8*
ID_OUI_FROM_DATABASE=Makel Elektrik Malzemeleri A.Ş.
OUI:8C1F649B9*
ID_OUI_FROM_DATABASE=QUERCUS TECHNOLOGIES, S.L.
@ -104498,9 +104366,6 @@ OUI:8C1F64E80*
OUI:8C1F64E86*
ID_OUI_FROM_DATABASE=ComVetia AG
OUI:8C1F64E88*
ID_OUI_FROM_DATABASE=SiFive Inc
OUI:8C1F64E89*
ID_OUI_FROM_DATABASE=PADL Software Pty Ltd
@ -104963,9 +104828,6 @@ OUI:8C1F64FDA*
OUI:8C1F64FDC*
ID_OUI_FROM_DATABASE=Nuphoton Technologies
OUI:8C1F64FDF*
ID_OUI_FROM_DATABASE=Potter Electric Signal Company
OUI:8C1F64FE0*
ID_OUI_FROM_DATABASE=Potter Electric Signal Company
@ -108386,9 +108248,6 @@ OUI:94A04E*
OUI:94A07D*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:94A081*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:94A1A2*
ID_OUI_FROM_DATABASE=AMPAK Technology, Inc.
@ -109253,9 +109112,6 @@ OUI:981E0F*
OUI:981E19*
ID_OUI_FROM_DATABASE=Sagemcom Broadband SAS
OUI:981E89*
ID_OUI_FROM_DATABASE=Tianyi Telecom Terminals Company Limited
OUI:981FB1*
ID_OUI_FROM_DATABASE=Shenzhen Lemon Network Technology Co.,Ltd
@ -109985,9 +109841,6 @@ OUI:98A404*
OUI:98A40E*
ID_OUI_FROM_DATABASE=Snap, Inc.
OUI:98A44E*
ID_OUI_FROM_DATABASE=IEC Technologies S. de R.L de C.V.
OUI:98A5F9*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -111422,9 +111275,6 @@ OUI:9CB793*
OUI:9CB8B4*
ID_OUI_FROM_DATABASE=AMPAK Technology,Inc.
OUI:9CBAC9*
ID_OUI_FROM_DATABASE=Telit Communication s.p.a
OUI:9CBB98*
ID_OUI_FROM_DATABASE=Shen Zhen RND Electronic Co.,LTD
@ -111860,9 +111710,6 @@ OUI:A00BBA*
OUI:A00CA1*
ID_OUI_FROM_DATABASE=SKTB SKiT
OUI:A00CE2*
ID_OUI_FROM_DATABASE=Shenzhen Shokz Co., Ltd.
OUI:A00E98*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -113954,9 +113801,6 @@ OUI:A47C1F*
OUI:A47CC9*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:A47D78*
ID_OUI_FROM_DATABASE=Edgecore Americas Networking Corporation
OUI:A47D9F*
ID_OUI_FROM_DATABASE=Shenzhen iComm Semiconductor CO.,LTD
@ -115167,7 +115011,7 @@ OUI:A87285*
ID_OUI_FROM_DATABASE=IDT, INC.
OUI:A8741D*
ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH
OUI:A87484*
ID_OUI_FROM_DATABASE=zte corporation
@ -115274,9 +115118,6 @@ OUI:A88D7B*
OUI:A88E24*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:A88F99*
ID_OUI_FROM_DATABASE=Arista Networks
OUI:A88FD9*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -119387,9 +119228,6 @@ OUI:B4C810*
OUI:B4C9B9*
ID_OUI_FROM_DATABASE=Sichuan AI-Link Technology Co., Ltd.
OUI:B4CADD*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
OUI:B4CB57*
ID_OUI_FROM_DATABASE=GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP.,LTD
@ -120575,9 +120413,6 @@ OUI:B8D4C3*
OUI:B8D4E7*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:B8D4F7*
ID_OUI_FROM_DATABASE=New H3C Technologies Co., Ltd
OUI:B8D50B*
ID_OUI_FROM_DATABASE=Sunitec Enterprise Co.,Ltd
@ -122279,12 +122114,6 @@ OUI:C02C5C*
OUI:C02C7A*
ID_OUI_FROM_DATABASE=Shenzhen Horn Audio Co.,Ltd.
OUI:C02CED*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:C02D2E*
ID_OUI_FROM_DATABASE=China Mobile Group Device Co.,Ltd.
OUI:C02DEE*
ID_OUI_FROM_DATABASE=Cuff
@ -123371,9 +123200,6 @@ OUI:C0F79D*
OUI:C0F827*
ID_OUI_FROM_DATABASE=Rapidmax Technology Corporation
OUI:C0F853*
ID_OUI_FROM_DATABASE=Tuya Smart Inc.
OUI:C0F87F*
ID_OUI_FROM_DATABASE=Cisco Systems, Inc
@ -126542,9 +126368,6 @@ OUI:CC10A3*
OUI:CC115A*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:CC1228*
ID_OUI_FROM_DATABASE=HISENSE VISUAL TECHNOLOGY CO.,LTD
OUI:CC14A6*
ID_OUI_FROM_DATABASE=Yichun MyEnergy Domain, Inc
@ -126635,9 +126458,6 @@ OUI:CC1FC4*
OUI:CC208C*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:CC20AC*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:CC20E8*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -127217,9 +127037,6 @@ OUI:CC896C*
OUI:CC89FD*
ID_OUI_FROM_DATABASE=Nokia Corporation
OUI:CC8A84*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:CC8C17*
ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED
@ -127545,7 +127362,7 @@ OUI:CCCCCC*
ID_OUI_FROM_DATABASE=Silicon Laboratories
OUI:CCCCEA*
ID_OUI_FROM_DATABASE=Phoenix Contact GmbH & Co. KG
ID_OUI_FROM_DATABASE=PHOENIX CONTACT Electronics GmbH
OUI:CCCD64*
ID_OUI_FROM_DATABASE=SM-Electronic GmbH
@ -130956,7 +130773,7 @@ OUI:D822F4*
ID_OUI_FROM_DATABASE=Avnet Silica
OUI:D823E0*
ID_OUI_FROM_DATABASE=SPEEDTECH CORP. JIO
ID_OUI_FROM_DATABASE=SPEEDTECH CORP.
OUI:D82477*
ID_OUI_FROM_DATABASE=Universal Electric Corporation
@ -131141,9 +130958,6 @@ OUI:D8490B*
OUI:D8492F*
ID_OUI_FROM_DATABASE=CANON INC.
OUI:D849BF*
ID_OUI_FROM_DATABASE=CELESTICA INC.
OUI:D84A2B*
ID_OUI_FROM_DATABASE=zte corporation
@ -131729,9 +131543,6 @@ OUI:D8C771*
OUI:D8C7C8*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:D8C80C*
ID_OUI_FROM_DATABASE=Tuya Smart Inc.
OUI:D8C8E9*
ID_OUI_FROM_DATABASE=Phicomm (Shanghai) Co., Ltd.
@ -132290,9 +132101,6 @@ OUI:DC41A9*
OUI:DC41E5*
ID_OUI_FROM_DATABASE=Shenzhen Zhixin Data Service Co., Ltd.
OUI:DC42C8*
ID_OUI_FROM_DATABASE=Huawei Device Co., Ltd.
OUI:DC44270*
ID_OUI_FROM_DATABASE=Suritel
@ -133367,9 +133175,6 @@ OUI:E021FE*
OUI:E02202*
ID_OUI_FROM_DATABASE=Commscope
OUI:E022A1*
ID_OUI_FROM_DATABASE=AltoBeam Inc.
OUI:E023D7*
ID_OUI_FROM_DATABASE=Sleep Number
@ -135608,9 +135413,6 @@ OUI:E4FC82*
OUI:E4FD45*
ID_OUI_FROM_DATABASE=Intel Corporate
OUI:E4FD8C*
ID_OUI_FROM_DATABASE=Extreme Networks Headquarters
OUI:E4FDA1*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -136676,9 +136478,6 @@ OUI:E8CD2D*
OUI:E8CE06*
ID_OUI_FROM_DATABASE=SkyHawke Technologies, LLC.
OUI:E8CF83*
ID_OUI_FROM_DATABASE=Dell Inc.
OUI:E8D03C*
ID_OUI_FROM_DATABASE=Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd
@ -137513,30 +137312,6 @@ OUI:EC748C*
OUI:EC74BA*
ID_OUI_FROM_DATABASE=Hirschmann Automation and Control GmbH
OUI:EC74CD3*
ID_OUI_FROM_DATABASE=iSolution Technologies Co.,Ltd.
OUI:EC74CD5*
ID_OUI_FROM_DATABASE=Standard Backhaul Communications
OUI:EC74CD6*
ID_OUI_FROM_DATABASE=Platypus
OUI:EC74CD8*
ID_OUI_FROM_DATABASE=TRANS AUDIO VIDEO SRL
OUI:EC74CD9*
ID_OUI_FROM_DATABASE=Sound Health Systems
OUI:EC74CDA*
ID_OUI_FROM_DATABASE=Bosch (zhuhai) Security Systems Company, Ltd.
OUI:EC74CDB*
ID_OUI_FROM_DATABASE=Hitachi Rail GTS Austria GmbH
OUI:EC74CDD*
ID_OUI_FROM_DATABASE=Shenzhen Ting-Shine Technology Co., Ltd.
OUI:EC74D7*
ID_OUI_FROM_DATABASE=Grandstream Networks Inc
@ -143327,9 +143102,6 @@ OUI:FCB467*
OUI:FCB4E6*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:FCB577*
ID_OUI_FROM_DATABASE=Cortex Security Inc
OUI:FCB585*
ID_OUI_FROM_DATABASE=Shenzhen Water World Information Co.,Ltd.
@ -143387,9 +143159,6 @@ OUI:FCC23D*
OUI:FCC2DE*
ID_OUI_FROM_DATABASE=Murata Manufacturing Co., Ltd.
OUI:FCC2E5*
ID_OUI_FROM_DATABASE=HOLOWITS TECHNOLOGIES CO.,LTD
OUI:FCC734*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd

View File

@ -2019,6 +2019,9 @@ acpi:DEL*:
acpi:DEM*:
ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd
acpi:DEM*:
ID_VENDOR_FROM_DATABASE=DemoPad Software Ltd
acpi:DEN*:
ID_VENDOR_FROM_DATABASE=Densitron Computers Ltd

View File

@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base 2024-11-15 17:16:38.971258201 +0000
+++ 20-acpi-vendor.hwdb 2024-11-15 17:16:38.979258339 +0000
--- 20-acpi-vendor.hwdb.base 2024-11-06 10:40:14.734611315 +0000
+++ 20-acpi-vendor.hwdb 2024-11-06 10:40:14.738611667 +0000
@@ -3,6 +3,8 @@
# Data imported from:
# https://uefi.org/uefi-pnp-export
@ -137,7 +137,7 @@
acpi:COI*:
ID_VENDOR_FROM_DATABASE=Codec Inc.
@@ -2060,7 +2089,7 @@
@@ -2063,7 +2092,7 @@
ID_VENDOR_FROM_DATABASE=Dragon Information Technology
acpi:DJE*:
@ -146,7 +146,7 @@
acpi:DJP*:
ID_VENDOR_FROM_DATABASE=Maygay Machines, Ltd
@@ -2413,6 +2442,9 @@
@@ -2416,6 +2445,9 @@
acpi:EIN*:
ID_VENDOR_FROM_DATABASE=Elegant Invention
@ -156,7 +156,7 @@
acpi:EKA*:
ID_VENDOR_FROM_DATABASE=MagTek Inc.
@@ -2683,6 +2715,9 @@
@@ -2686,6 +2718,9 @@
acpi:FCG*:
ID_VENDOR_FROM_DATABASE=First International Computer Ltd
@ -166,7 +166,7 @@
acpi:FCS*:
ID_VENDOR_FROM_DATABASE=Focus Enhancements, Inc.
@@ -3059,7 +3094,7 @@
@@ -3062,7 +3097,7 @@
ID_VENDOR_FROM_DATABASE=General Standards Corporation
acpi:GSM*:
@ -175,7 +175,7 @@
acpi:GSN*:
ID_VENDOR_FROM_DATABASE=Grandstream Networks, Inc.
@@ -3169,6 +3204,9 @@
@@ -3172,6 +3207,9 @@
acpi:HEC*:
ID_VENDOR_FROM_DATABASE=Hisense Electric Co., Ltd.
@ -185,7 +185,7 @@
acpi:HEL*:
ID_VENDOR_FROM_DATABASE=Hitachi Micro Systems Europe Ltd
@@ -3304,6 +3342,9 @@
@@ -3307,6 +3345,9 @@
acpi:HSD*:
ID_VENDOR_FROM_DATABASE=HannStar Display Corp
@ -195,7 +195,7 @@
acpi:HSM*:
ID_VENDOR_FROM_DATABASE=AT&T Microelectronics
@@ -3430,6 +3471,9 @@
@@ -3433,6 +3474,9 @@
acpi:ICI*:
ID_VENDOR_FROM_DATABASE=Infotek Communication Inc
@ -205,7 +205,7 @@
acpi:ICM*:
ID_VENDOR_FROM_DATABASE=Intracom SA
@@ -3526,6 +3570,9 @@
@@ -3529,6 +3573,9 @@
acpi:IKE*:
ID_VENDOR_FROM_DATABASE=Ikegami Tsushinki Co. Ltd.
@ -215,7 +215,7 @@
acpi:IKS*:
ID_VENDOR_FROM_DATABASE=Ikos Systems Inc
@@ -3574,6 +3621,9 @@
@@ -3577,6 +3624,9 @@
acpi:IMX*:
ID_VENDOR_FROM_DATABASE=arpara Technology Co., Ltd.
@ -225,7 +225,7 @@
acpi:INA*:
ID_VENDOR_FROM_DATABASE=Inventec Corporation
@@ -4102,6 +4152,9 @@
@@ -4105,6 +4155,9 @@
acpi:LAN*:
ID_VENDOR_FROM_DATABASE=Sodeman Lancom Inc
@ -235,7 +235,7 @@
acpi:LAS*:
ID_VENDOR_FROM_DATABASE=LASAT Comm. A/S
@@ -4153,6 +4206,9 @@
@@ -4156,6 +4209,9 @@
acpi:LED*:
ID_VENDOR_FROM_DATABASE=Long Engineering Design Inc
@ -245,7 +245,7 @@
acpi:LEG*:
ID_VENDOR_FROM_DATABASE=Legerity, Inc
@@ -4171,6 +4227,9 @@
@@ -4174,6 +4230,9 @@
acpi:LGD*:
ID_VENDOR_FROM_DATABASE=LG Display
@ -255,7 +255,7 @@
acpi:LGI*:
ID_VENDOR_FROM_DATABASE=Logitech Inc
@@ -4237,6 +4296,9 @@
@@ -4240,6 +4299,9 @@
acpi:LND*:
ID_VENDOR_FROM_DATABASE=Land Computer Company Ltd
@ -265,7 +265,7 @@
acpi:LNK*:
ID_VENDOR_FROM_DATABASE=Link Tech Inc
@@ -4271,7 +4333,7 @@
@@ -4274,7 +4336,7 @@
ID_VENDOR_FROM_DATABASE=Design Technology
acpi:LPL*:
@ -274,7 +274,7 @@
acpi:LSC*:
ID_VENDOR_FROM_DATABASE=LifeSize Communications
@@ -4447,6 +4509,9 @@
@@ -4450,6 +4512,9 @@
acpi:MCX*:
ID_VENDOR_FROM_DATABASE=Millson Custom Solutions Inc.
@ -284,7 +284,7 @@
acpi:MDA*:
ID_VENDOR_FROM_DATABASE=Media4 Inc
@@ -4693,6 +4758,9 @@
@@ -4696,6 +4761,9 @@
acpi:MOM*:
ID_VENDOR_FROM_DATABASE=Momentum Data Systems
@ -294,7 +294,7 @@
acpi:MOS*:
ID_VENDOR_FROM_DATABASE=Moses Corporation
@@ -4933,6 +5001,9 @@
@@ -4936,6 +5004,9 @@
acpi:NAL*:
ID_VENDOR_FROM_DATABASE=Network Alchemy
@ -304,7 +304,7 @@
acpi:NAT*:
ID_VENDOR_FROM_DATABASE=NaturalPoint Inc.
@@ -5473,6 +5544,9 @@
@@ -5476,6 +5547,9 @@
acpi:PCX*:
ID_VENDOR_FROM_DATABASE=PC Xperten
@ -314,7 +314,7 @@
acpi:PDM*:
ID_VENDOR_FROM_DATABASE=Psion Dacom Plc.
@@ -5536,9 +5610,6 @@
@@ -5539,9 +5613,6 @@
acpi:PHE*:
ID_VENDOR_FROM_DATABASE=Philips Medical Systems Boeblingen GmbH
@ -324,7 +324,7 @@
acpi:PHL*:
ID_VENDOR_FROM_DATABASE=Philips Consumer Electronics Company
@@ -5629,9 +5700,6 @@
@@ -5632,9 +5703,6 @@
acpi:PNL*:
ID_VENDOR_FROM_DATABASE=Panelview, Inc.
@ -334,7 +334,7 @@
acpi:PNR*:
ID_VENDOR_FROM_DATABASE=Planar Systems, Inc.
@@ -6109,9 +6177,6 @@
@@ -6112,9 +6180,6 @@
acpi:RTI*:
ID_VENDOR_FROM_DATABASE=Rancho Tech Inc
@ -344,7 +344,7 @@
acpi:RTL*:
ID_VENDOR_FROM_DATABASE=Realtek Semiconductor Company Ltd
@@ -6286,9 +6351,6 @@
@@ -6289,9 +6354,6 @@
acpi:SEE*:
ID_VENDOR_FROM_DATABASE=SeeColor Corporation
@ -354,7 +354,7 @@
acpi:SEI*:
ID_VENDOR_FROM_DATABASE=Seitz & Associates Inc
@@ -6772,6 +6834,9 @@
@@ -6775,6 +6837,9 @@
acpi:SVD*:
ID_VENDOR_FROM_DATABASE=SVD Computer
@ -364,7 +364,7 @@
acpi:SVI*:
ID_VENDOR_FROM_DATABASE=Sun Microsystems
@@ -6856,6 +6921,9 @@
@@ -6859,6 +6924,9 @@
acpi:SZM*:
ID_VENDOR_FROM_DATABASE=Shenzhen MTC Co., Ltd
@ -374,7 +374,7 @@
acpi:TAA*:
ID_VENDOR_FROM_DATABASE=Tandberg
@@ -6946,6 +7014,9 @@
@@ -6949,6 +7017,9 @@
acpi:TDG*:
ID_VENDOR_FROM_DATABASE=Six15 Technologies
@ -384,7 +384,7 @@
acpi:TDM*:
ID_VENDOR_FROM_DATABASE=Tandem Computer Europe Inc
@@ -6988,6 +7059,9 @@
@@ -6991,6 +7062,9 @@
acpi:TEV*:
ID_VENDOR_FROM_DATABASE=Televés, S.A.
@ -394,7 +394,7 @@
acpi:TEZ*:
ID_VENDOR_FROM_DATABASE=Tech Source Inc.
@@ -7117,9 +7191,6 @@
@@ -7120,9 +7194,6 @@
acpi:TNC*:
ID_VENDOR_FROM_DATABASE=TNC Industrial Company Ltd
@ -404,7 +404,7 @@
acpi:TNM*:
ID_VENDOR_FROM_DATABASE=TECNIMAGEN SA
@@ -7429,14 +7500,14 @@
@@ -7432,14 +7503,14 @@
acpi:UNC*:
ID_VENDOR_FROM_DATABASE=Unisys Corporation
@ -425,7 +425,7 @@
acpi:UNI*:
ID_VENDOR_FROM_DATABASE=Uniform Industry Corp.
@@ -7471,6 +7542,9 @@
@@ -7474,6 +7545,9 @@
acpi:USA*:
ID_VENDOR_FROM_DATABASE=Utimaco Safeware AG
@ -435,7 +435,7 @@
acpi:USD*:
ID_VENDOR_FROM_DATABASE=U.S. Digital Corporation
@@ -7732,9 +7806,6 @@
@@ -7735,9 +7809,6 @@
acpi:WAL*:
ID_VENDOR_FROM_DATABASE=Wave Access
@ -445,7 +445,7 @@
acpi:WAV*:
ID_VENDOR_FROM_DATABASE=Wavephore
@@ -7862,7 +7933,7 @@
@@ -7865,7 +7936,7 @@
ID_VENDOR_FROM_DATABASE=WyreStorm Technologies LLC
acpi:WYS*:
@ -454,7 +454,7 @@
acpi:WYT*:
ID_VENDOR_FROM_DATABASE=Wooyoung Image & Information Co.,Ltd.
@@ -7876,9 +7947,6 @@
@@ -7879,9 +7950,6 @@
acpi:XDM*:
ID_VENDOR_FROM_DATABASE=XDM Ltd.
@ -464,7 +464,7 @@
acpi:XES*:
ID_VENDOR_FROM_DATABASE=Extreme Engineering Solutions, Inc.
@@ -7912,9 +7980,6 @@
@@ -7915,9 +7983,6 @@
acpi:XNT*:
ID_VENDOR_FROM_DATABASE=XN Technologies, Inc.
@ -474,7 +474,7 @@
acpi:XQU*:
ID_VENDOR_FROM_DATABASE=SHANGHAI SVA-DAV ELECTRONICS CO., LTD
@@ -7981,6 +8046,9 @@
@@ -7984,6 +8049,9 @@
acpi:ZBX*:
ID_VENDOR_FROM_DATABASE=Zebax Technologies

View File

@ -1438,11 +1438,6 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
###########################################################
# Maxdata
###########################################################

View File

@ -376,12 +376,11 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B/i18D)
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B)
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni18D:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
# Cube iWork 10 Flagship
@ -953,15 +952,6 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
#########################################
# Pine64
#########################################
# PineTab2
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
#########################################
# Pipo
#########################################

File diff suppressed because it is too large Load Diff

View File

@ -770,6 +770,12 @@ C00000-CFFFFF (base 16) HANGZHOU ZHONGKEJIGUANG TECHNOLOGY CO., LTD
HANGZHOU Zhejiang 310018
CN
2C-69-1D (hex) SPEEDTECH CORP.
400000-4FFFFF (base 16) SPEEDTECH CORP.
No. 568, Sec. 1, Minsheng N. Rd., Guishan Dist., Taoyuan City 338, Taiwan
Taoyuan 338
TW
2C-69-1D (hex) IBM
800000-8FFFFF (base 16) IBM
9000 South Rita Rd
@ -6782,30 +6788,6 @@ AC-EF-92 (hex) CEER NATIONAL AUTOMOTIVE COMPANY
Shanghai 201316
CN
0C-47-A9 (hex) Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
600000-6FFFFF (base 16) Shenzhen Hahappylife Innovations Electronics Technology Co.,Ltd
103, Bldg1, Meicheng Ind Park, No.4, Xinhe St, Maantang Community, Bantian St, Longgang Dist
Shenzhen Guangdong 518000
CN
EC-74-CD (hex) Bosch (zhuhai) Security Systems Company, Ltd.
A00000-AFFFFF (base 16) Bosch (zhuhai) Security Systems Company, Ltd.
20 Ji Chang Bei Road, Qingwan Industrial Estate, | Sanzao Town, Jinwan District
Zhuhai Guangdong 519040
CN
0C-47-A9 (hex) Shanghai Sigen New Energy Technology Co., Ltd
900000-9FFFFF (base 16) Shanghai Sigen New Energy Technology Co., Ltd
Room 514 The 5th Floor, No.175 Weizhan Road China (Shanghai) Plilot Free Trade Zone
Shanghai 201306
CN
2C-69-1D (hex) SPEEDTECH CORP. JIO
400000-4FFFFF (base 16) SPEEDTECH CORP. JIO
No. 568, Sec. 1, Minsheng N. Rd., Guishan Dist., Taoyuan City 338, Taiwan
Taoyuan 338
TW
B8-4C-87 (hex) Shenzhen Link-all Technology Co., Ltd
300000-3FFFFF (base 16) Shenzhen Link-all Technology Co., Ltd
Floor 5th, Block 9th, Sunny Industrial Zone, Xili Town, Nanshan District, Shenzhen, China
@ -13091,18 +13073,6 @@ A00000-AFFFFF (base 16) Lens Technology (Xiangtan) Co.,Ltd
Xiangtan Hunan 411100
CN
EC-74-CD (hex) Shenzhen Ting-Shine Technology Co., Ltd.
D00000-DFFFFF (base 16) Shenzhen Ting-Shine Technology Co., Ltd.
No. 148, Huarong Road, Longhua District, Shenzhen
Shenzhen Guangdong 518083
CN
EC-74-CD (hex) iSolution Technologies Co.,Ltd.
300000-3FFFFF (base 16) iSolution Technologies Co.,Ltd.
5F,Bldg #6, Zhongguan Honghualing Industrial South Park
Shenzhen Guangdong 518055
CN
B8-4C-87 (hex) Altronix , Corp
A00000-AFFFFF (base 16) Altronix , Corp
140 58th St. Bldg A, Ste 2N
@ -19892,48 +19862,6 @@ AC-EF-92 (hex) JiZhiKang (Beijing) Technology Co., Ltd
Beijing 100176
CN
0C-47-A9 (hex) HONGKONG STONEOIM TECHNOLOGY LIMITED
300000-3FFFFF (base 16) HONGKONG STONEOIM TECHNOLOGY LIMITED
UNIT 1507C,15/F,EASTCORE 398 KWUN TONG ROAD KWUN TONG KL
hongkong hongkong 999077
HK
0C-47-A9 (hex) Annapurna labs
200000-2FFFFF (base 16) Annapurna labs
Matam Scientific Industries Center, Building 8.2
Mail box 15123 Haifa 3508409
IL
0C-47-A9 (hex) BGResearch
E00000-EFFFFF (base 16) BGResearch
5, The Business Centre, Harvard Way, Kimbolton,
Huntingdon. Cambridgeshire PE28 0NJ
GB
EC-74-CD (hex) Platypus
600000-6FFFFF (base 16) Platypus
6, Wonteo-ro 110beon-gil, Jungwon-gu
Gyeonggi-do Seongnam-si 13360
KR
EC-74-CD (hex) Sound Health Systems
900000-9FFFFF (base 16) Sound Health Systems
650B Fremont Ave #65
Los Altos CA 94024
US
EC-74-CD (hex) Hitachi Rail GTS Austria GmbH
B00000-BFFFFF (base 16) Hitachi Rail GTS Austria GmbH
Handelskai 92
Vienna 1200
AT
EC-74-CD (hex) Standard Backhaul Communications
500000-5FFFFF (base 16) Standard Backhaul Communications
333 South Highland Ave
Briarcliff Manor 10510
US
D0-14-11 (hex) P.B. Elettronica srl
100000-1FFFFF (base 16) P.B. Elettronica srl
Via Santorelli, 8
@ -26531,12 +26459,6 @@ C00000-CFFFFF (base 16) Senix
0C-47-A9 (hex) Private
400000-4FFFFF (base 16) Private
0C-47-A9 (hex) Honest Networks LLC
800000-8FFFFF (base 16) Honest Networks LLC
15 Maiden LnSte 1101
New York NY 10038
US
C8-5C-E2 (hex) Fela Management AG
000000-0FFFFF (base 16) Fela Management AG
Basadingerstrasse 18
@ -33284,20 +33206,8 @@ C00000-CFFFFF (base 16) Annapurna labs
Mail box 15123 Haifa 3508409
IL
0C-47-A9 (hex) Everon Co., Ltd.
500000-5FFFFF (base 16) Everon Co., Ltd.
3F.Pine Avenue B, 100, Eulji-ro, Jung-gu
Seoul 04551
KR
0C-47-A9 (hex) Shenzhen Hebang Electronic Co., Ltd
B00000-BFFFFF (base 16) Shenzhen Hebang Electronic Co., Ltd
2nd Floor West, Bldg B, Kelunte Low Carbon Industry Park, Huarong Road, Dalang, Longhua District
Shenzhen 518000
CN
EC-74-CD (hex) TRANS AUDIO VIDEO SRL
800000-8FFFFF (base 16) TRANS AUDIO VIDEO SRL
Viale Melvin Jones 12
Caserta CE 81100
IT

View File

@ -7457,24 +7457,6 @@ D04000-D04FFF (base 16) Plenty Unlimited Inc
HongKong 999077
HK
8C-1F-64 (hex) KRYFS TECHNOLOGIES PRIVATE LIMITED
206000-206FFF (base 16) KRYFS TECHNOLOGIES PRIVATE LIMITED
SURVEY NO 231 KHERDI MAIN ROAD NEAR HPCL KHERDI SILVASSA
SILVASSA DADRA AND NAGAR HAVELI 396230
IN
8C-1F-64 (hex) Matrixspace
806000-806FFF (base 16) Matrixspace
1721 Moon Lake BlvdSTE 200
Hoffman Estates IL 60169
US
8C-1F-64 (hex) ENERGY POWER PRODUCTS LIMITED
41B000-41BFFF (base 16) ENERGY POWER PRODUCTS LIMITED
7/F, Room 701, Lucky Centre, 165-171, Wanchai Road
Wanchai 000000
HK
8C-1F-64 (hex) Jacobs Technology, Inc.
A98000-A98FFF (base 16) Jacobs Technology, Inc.
7765 Old Telegraph Road
@ -22379,12 +22361,6 @@ A8C000-A8CFFF (base 16) Elektronik Art
Lublin Lublin 20234
PL
8C-1F-64 (hex) Anduril Imaging
763000-763FFF (base 16) Anduril Imaging
83 Hartwell Ave
Lexington MA 02421
US
8C-1F-64 (hex) Wuhan YiValley Opto-electric technology Co.,Ltd
175000-175FFF (base 16) Wuhan YiValley Opto-electric technology Co.,Ltd
A104,1st stage Juxian Building, Hongshan internatinoal enterprise center
@ -22403,6 +22379,12 @@ C60000-C60FFF (base 16) Intelligent Security Systems (ISS)
Woodbridge NJ 07095
US
8C-1F-64 (hex) Anduril Imaging
763000-763FFF (base 16) Anduril Imaging
83 Hartwell Ave
Lexington MA 02421
US
8C-1F-64 (hex) Flow Power
82B000-82BFFF (base 16) Flow Power
Suite 2, Level 3, 18 - 20 York St
@ -29903,42 +29885,12 @@ BA7000-BA7FFF (base 16) iLensys Technologies PVT LTD
Thiruvananthapuram KERALA 695014
IN
8C-1F-64 (hex) Potter Electric Signal Company
FDF000-FDFFFF (base 16) Potter Electric Signal Company
5757 Phantom Drive
Hazelwood MO 63042
US
8C-1F-64 (hex) Hurry-tech
F19000-F19FFF (base 16) Hurry-tech
Greenland Central Plaza ,Building 1 of Yard 9,Room 601
Beijing Beijing 100089
CN
8C-1F-64 (hex) Transit Solutions, LLC.
1BC000-1BCFFF (base 16) Transit Solutions, LLC.
114 West Grandview Avenue
Zelienople PA 16063
US
8C-1F-64 (hex) Ceranext Ltd
394000-394FFF (base 16) Ceranext Ltd
25-27 Demostheni Severi ,Metropolis Tower,Building B',1080 Cyprus
Nicosia 1080
CY
8C-1F-64 (hex) SiFive Inc
E88000-E88FFF (base 16) SiFive Inc
2625 Augustine DriveSuite 101
Santa Clara CA 95054
US
8C-1F-64 (hex) Makel Elektrik Malzemeleri A.Ş.
9B8000-9B8FFF (base 16) Makel Elektrik Malzemeleri A.Ş.
Osmangazi Mah.Mareşal Fevzi Çakmak Cad. No:38 KIRAÇ / Esenyurt
ESENYURT İstanbul 34522
TR
8C-1F-64 (hex) Mobileye
D63000-D63FFF (base 16) Mobileye
13 Hartom st.
@ -37342,9 +37294,3 @@ BD9000-BD9FFF (base 16) WATTS
C. Valportillo Segunda, 8 bis
Alcobendas Madrid 28108
ES
8C-1F-64 (hex) Mediana Co., Ltd.
159000-159FFF (base 16) Mediana Co., Ltd.
132, Donghwagongdan-ro, Munmak-eup
Wonju-si Gangwon-do 26365
KR

View File

@ -2540,6 +2540,7 @@ AVARRO,RRO,08/07/2023
"LUMINO Licht Elektronik GmbH",LLT,11/07/2023
"Reonel Oy",RNL,01/04/2024
DemoPad Software Ltd,DEM,01/04/2024
DemoPad Software Ltd,DEM,01/04/2024
"TeamViewer Germany GmbH",TMV,01/04/2024
"Pixio USA",PXO,02/14/2024
"ELARABY COMPANY FOR ENGINEERING INDUSTRIES",EEI,02/14/2024

1 Company PNP ID Approved On Date
2540 LUMINO Licht Elektronik GmbH LLT 11/07/2023
2541 Reonel Oy RNL 01/04/2024
2542 DemoPad Software Ltd DEM 01/04/2024
2543 DemoPad Software Ltd DEM 01/04/2024
2544 TeamViewer Germany GmbH TMV 01/04/2024
2545 Pixio USA PXO 02/14/2024
2546 ELARABY COMPANY FOR ENGINEERING INDUSTRIES EEI 02/14/2024

View File

@ -903,7 +903,7 @@
<term><option>tpm2-pcrlock=</option></term>
<listitem><para>Takes an absolute path to a TPM2 pcrlock policy file, as produced by the
<citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>1</manvolnum></citerefentry>
tool. This permits locking LUKS2 volumes to a local policy of allowed PCR values with
variants. See
<citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>

View File

@ -91,7 +91,7 @@
configures the time to wait for the connectivity to get restored. If the server is
not reachable over the network for the configured time, <command>systemd-journal-upload</command>
exits. Takes a value in seconds (or in other time units if suffixed with "ms", "min", "h", etc).
For details, see <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
For details, see <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
<xi:include href="version-info.xml" xpointer="v249"/></listitem>

View File

@ -421,7 +421,7 @@
<term><varname>rd.systemd.verity=</varname></term>
<term><varname>systemd.verity_root_data=</varname></term>
<term><varname>systemd.verity_root_hash=</varname></term>
<term><varname>systemd.verity_root_options=</varname></term>
<term><varname>systemd.verity.root_options=</varname></term>
<term><varname>usrhash=</varname></term>
<term><varname>systemd.verity_usr_data=</varname></term>
<term><varname>systemd.verity_usr_hash=</varname></term>

View File

@ -82,7 +82,7 @@
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>libudev</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>libudev</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><ulink url="https://systemd.io/PORTABILITY_AND_STABILITY/">Interface Portability and Stability Promise</ulink></member>
</simplelist></para>

View File

@ -175,7 +175,7 @@ netgroup: nis</programlisting>
<member><citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>nsswitch.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -259,7 +259,7 @@ node /org/freedesktop/hostname1 {
are not necessary. Use
<citerefentry project="man-pages"><refentrytitle>gethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry>,
<filename>/etc/hostname</filename> (possibly with per-distribution fallbacks), and
<citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for that. For more information on these files and syscalls see the respective man pages.</para>
<para><varname>KernelName</varname>, <varname>KernelRelease</varname>, and
@ -376,7 +376,7 @@ node /org/freedesktop/hostname1 {
<para>To properly handle name lookups with changing local hostnames without having to edit
<filename>/etc/hosts</filename>, we recommend using <filename>systemd-hostnamed</filename> in combination
with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
with <citerefentry><refentrytitle>nss-myhostname</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para>Here are some recommendations to follow when generating a static (internet) hostname from a pretty

View File

@ -1553,7 +1553,7 @@ node /org/freedesktop/systemd1 {
<para>Similarly, <function>PresetUnitFiles()</function> enables/disables one or more unit files
according to the preset policy. See
<citerefentry><refentrytitle>systemd.preset</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more
<citerefentry><refentrytitle>systemd.preset</refentrytitle><manvolnum>7</manvolnum></citerefentry> for more
information.</para>
<para>Similarly, <function>MaskUnitFiles()</function> masks unit files and
@ -4740,7 +4740,7 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<para><varname>TimeoutStartUSec</varname>, <varname>TimeoutStopUSec</varname> and
<varname>TimeoutAbortUSec</varname> contain the start, stop and abort timeouts, in microseconds. Note
the slight difference in naming when compared to the matching unit file settings (see
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>):
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>7</manvolnum></citerefentry>):
these bus properties strictly use microseconds (and thus are suffixed <varname>…USec</varname>) while
the unit file settings default to a time unit of seconds (and thus are suffixed
<varname>…Sec</varname>), unless a different unit is explicitly specified. This reflects that fact that

View File

@ -992,7 +992,6 @@ manpages = [
'systemd-journald@.service',
'systemd-journald@.socket'],
''],
['systemd-keyutil', '1', [], ''],
['systemd-localed.service', '8', ['systemd-localed'], 'ENABLE_LOCALED'],
['systemd-logind.service', '8', ['systemd-logind'], 'ENABLE_LOGIND'],
['systemd-machine-id-commit.service', '8', [], ''],

View File

@ -289,7 +289,7 @@ int main(int argc, char **argv) {
<member><citerefentry><refentrytitle>sd_id128_get_machine</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>printf</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>

View File

@ -562,7 +562,7 @@
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd_bus_creds_new_from_pid</refentrytitle><manvolnum>2</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>fork</refentrytitle><manvolnum>2</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>execve</refentrytitle><manvolnum>2</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>credentials</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>

View File

@ -56,7 +56,7 @@
parameter. The signal will be sent to path <parameter>path</parameter>, on the interface
<parameter>interface</parameter>, member <parameter>member</parameter>. When this message is
sent, no reply is expected. See
<citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>3</manvolnum></citerefentry>
<citerefentry><refentrytitle>sd_bus_message_new_method_call</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for a short description of the meaning of the <parameter>path</parameter>,
<parameter>interface</parameter>, and <parameter>member</parameter> parameters.
</para>

View File

@ -40,7 +40,7 @@
current location in the message <parameter>m</parameter> matches the specified
<parameter>type</parameter> and <parameter>contents</parameter>. If non-zero, parameter
<parameter>type</parameter> must be one of the types specified in
<citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
<citerefentry><refentrytitle>sd_bus_message_append</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
If non-null, parameter <parameter>contents</parameter> must be a valid sequence of complete
types. If both <parameter>type</parameter> and <parameter>contents</parameter> are specified
<parameter>type</parameter> must be a container type.</para>

View File

@ -156,7 +156,7 @@
</variablelist>
<para>In addition, any error returned by
<citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>
<citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>1</manvolnum></citerefentry>
may be returned.</para>
</refsect2>
</refsect1>

View File

@ -111,7 +111,7 @@
</variablelist>
<para>In addition, any error returned by
<citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>
<citerefentry><refentrytitle>sd_bus_send</refentrytitle><manvolnum>1</manvolnum></citerefentry>
may be returned.</para>
</refsect2>
</refsect1>

View File

@ -138,7 +138,7 @@
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-hwdb</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-hwdb</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-hwdb</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -29,7 +29,7 @@
<para>Various OS components process SMBIOS Type 11 vendor strings that a virtual machine manager (VMM)
may set and a virtual machine (VM) receives. SMBIOS Type 11 vendor strings may play a similar role as
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>
<citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>1</manvolnum></citerefentry>
parameters but generally are under control of the VMM rather than the boot loader or UKI.</para>
<para>For details on SMBIOS Type 11 see the <ulink url="https://www.dmtf.org/standards/smbios/">System
@ -60,7 +60,7 @@
<listitem><para>This allows configuration of additional kernel command line options, and is read by
the kernel UEFI stub. For details see
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
@ -70,7 +70,7 @@
<listitem><para>This allows configuration of additional kernel command line options for Boot Loader
Specification Type 1 entries, and is read by <command>systemd-boot</command>. For details see
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>

View File

@ -265,11 +265,32 @@
</refsect1>
<refsect1>
<title>Unlocking</title>
<title>Options</title>
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -307,45 +328,7 @@
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Simple Enrollment</title>
<para>The following options are understood that may be used to enroll simple user input based
unlocking:</para>
<variablelist>
<varlistentry>
<term><option>--password</option></term>
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
<command>cryptsetup luksAddKey</command>, however may be combined with
<option>--wipe-slot=</option> in one call, see below.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--recovery-key</option></term>
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PKCS#11 Enrollment</title>
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -378,15 +361,7 @@
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FIDO2 Enrollment</title>
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
<variablelist>
<varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -486,15 +461,7 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TPM2 Enrollment</title>
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
<variablelist>
<varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -661,7 +628,7 @@
<listitem><para>Configures a TPM2 pcrlock policy to bind encryption to. Expects a path to a pcrlock
policy file as generated by the
<citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>1</manvolnum></citerefentry>
tool. If a TPM2 device is enrolled and this option is not used but a file
<filename>pcrlock.json</filename> is found in <filename>/run/systemd/</filename> or
<filename>/var/lib/systemd/</filename> it is automatically used. Assign an empty string to turn this
@ -669,15 +636,7 @@
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Other Options</title>
<para>The following additional options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>

View File

@ -1,105 +0,0 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-keyutil"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-keyutil</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-keyutil</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-keyutil</refname>
<refpurpose>Perform various operations on private keys and X.509 certificates</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>systemd-keyutil</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="req">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>systemd-keyutil</command> can be used to perform various operations on private keys and
X.509 certificates.</para>
</refsect1>
<refsect1>
<title>Commands</title>
<variablelist>
<varlistentry>
<term><option>validate</option></term>
<listitem><para>Checks that we can load the private key and certificate specified with
<option>--private-key=</option> and <option>--certificate=</option> respectively.</para>
<para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this
command can be used to cache the PIN in the kernel keyring. The
<varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and
<varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control
how long and in which kernel keyring the PIN is cached.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
<varlistentry>
<term><command>public</command></term>
<listitem><para>This commands prints the public key in PEM format extracted from either the
certificate given with <option>--certificate=</option> or the private key given with
<option>--private-key=</option>.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Options</title>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term>
<term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<term><option>--certificate=<replaceable>PATH</replaceable></option></term>
<term><option>--certificate-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<listitem><para>Set the private key and certificate to use. The <option>--certificate=</option>
option takes a path to a PEM encoded X.509 certificate or a URI that's passed to the OpenSSL provider
configured with <option>--certificate-source</option>. The <option>--certificate-source</option>
takes one of <literal>file</literal> or <literal>provider</literal>, with the latter being followed
by a specific provider identifier, separated with a colon, e.g. <literal>provider:pkcs11</literal>.
The <option>--private-key=</option> option can take a path or a URI that will be passed to the
OpenSSL engine or provider, as specified by <option>--private-key-source=</option> as a
<literal>type:name</literal> tuple, such as <literal>engine:pkcs11</literal>.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help"/>
<xi:include href="standard-options.xml" xpointer="version"/>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd-sbsign</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -86,7 +86,7 @@
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-repart</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry project='url'><refentrytitle url='https://btrfs.readthedocs.io/en/latest/mkfs.btrfs.html'>mkfs.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>

View File

@ -104,6 +104,16 @@
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><command>pcrpkey</command></term>
<listitem><para>This commands prints the public key either given with <option>--public-key=</option>,
or extracted from the certificate given with <option>--certificate=</option> or the private key given
with <option>--private-key=</option>.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
</variablelist>
</refsect1>

View File

@ -90,7 +90,7 @@
<member><citerefentry><refentrytitle>random</refentrytitle><manvolnum>4</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>4</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -699,7 +699,7 @@ systemd-repart --make-ddi=sysext \
systemd-sysext refresh</programlisting>
<para>The DDI generated that way may be applied to the system with
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
</example>
</refsect1>

View File

@ -37,7 +37,7 @@
<varname>FailureAction=exit</varname> configured by default, thus ensuring that the system is shut down as soon as
the command completes. The exit status of the command line is propagated to the invoking container manager, if
this applies (which might propagate this further, to the calling shell — e.g.
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> does this). If
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>7</manvolnum></citerefentry> does this). If
this option is used multiple times the unit file will contain multiple <varname>ExecStart=</varname> lines, to
execute all commands in order. The command is started as regular service, i.e. with
<varname>DefaultDependencies=</varname> on. </para>
@ -55,7 +55,7 @@
<title>Example</title>
<para>Use a command like the following to add a user to the user database inside a container run with
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>:</para>
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>7</manvolnum></citerefentry>:</para>
<programlisting># systemd-nspawn -D mycontainer -b systemd.run='"adduser test"'</programlisting>
<para>(Note the requirement for double quoting in the command line above. The first level of quoting ('') is
@ -72,7 +72,7 @@
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>

View File

@ -49,6 +49,22 @@
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
<varlistentry>
<term><option>validate-key</option></term>
<listitem><para>Checks that we can load the private key specified with
<option>--private-key=</option>. </para>
<para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this
command can be used to cache the PIN in the kernel keyring. The
<varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and
<varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control
how long and in which kernel keyring the PIN is cached.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
@ -85,6 +101,7 @@
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager"/>
<xi:include href="standard-options.xml" xpointer="help"/>
<xi:include href="standard-options.xml" xpointer="version"/>
</variablelist>

View File

@ -75,6 +75,9 @@
<listitem><para>An optional <literal>.ucode</literal> section with an initrd containing microcode, to
be handed to the kernel before any other initrd. This initrd must not be compressed.</para></listitem>
<listitem><para>An optional <literal>.fmw</literal> section with the firmware image.
</para></listitem>
<listitem><para>An optional <literal>.splash</literal> section with an image (in the Windows
<filename>.BMP</filename> format) to show on screen before invoking the kernel.</para></listitem>
@ -91,15 +94,6 @@
the same matching procedure. If a match is found, that <literal>.dtbauto</literal> section will be
loaded and will override <varname>.dtb</varname> if present.</para></listitem>
<listitem><para>Zero or more <literal>.efifwauto</literal> sections for the firmware image. It works
in many ways similar to <varname>.dtbauto</varname> sections. <filename>systemd-stub</filename>
will always use the first matching one. The match is performed by first selecting the most appropriate
entry in the <varname>.hwids</varname> section based on the hardware IDs supplied by SMBIOS (see below).
If a suitable entry is found, the <varname>compatible</varname> string from that entry will be used to
perform the matching procedure for firmware blobs in <varname>.efifwauto</varname> section. The first
matching firmware will be loaded.
</para></listitem>
<listitem><para>Zero or more <literal>.hwids</literal> sections with hardware IDs of the machines to
match DeviceTrees. <filename>systemd-stub</filename> will use the SMBIOS data to calculate hardware IDs
of the machine (as per <ulink

View File

@ -152,7 +152,7 @@
in the extension image.</para>
<para>The <command>systemd-confext</command> concept follows the same principle as the
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>1</manvolnum></citerefentry>
functionality but instead of working on <filename>/usr</filename> and <filename>/opt</filename>,
<command>confext</command> will extend only <filename>/etc</filename>. Files and directories contained
in the confext images outside of the <filename>/etc/</filename> hierarchy are <emphasis>not</emphasis>

View File

@ -152,7 +152,7 @@
going to make use of any discovered swap device, regardless if the policy would allow that or not.</para>
<para>Use the <command>image-policy</command> command of the
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool
<citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>8</manvolnum></citerefentry> tool
to analyze image policy strings, and determine what a specific policy string means for a specific
partition.</para>
</refsect1>
@ -184,7 +184,7 @@
<member><citerefentry><refentrytitle>systemd-dissect</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -1286,21 +1286,21 @@ DuplicateAddressDetection=none</programlisting></para>
<varlistentry>
<term><varname>KeepConfiguration=</varname></term>
<listitem>
<para>Takes a boolean or one of <literal>static</literal>, <literal>dynamic-on-stop</literal>, and
<literal>dynamic</literal>. When <literal>static</literal>, <command>systemd-networkd</command>
will not drop statically configured addresses and routes on starting up process. When
<literal>dynamic-on-stop</literal>, the dynamically configurad addresses and routes, such as
DHCPv4, DHCPv6, SLAAC, and IPv4 link-local address, will not be dropped when
<command>systemd-networkd</command> is being stopped. When <literal>dynamic</literal>, the
dynamically configured addresses and routes will never be dropped, and the lifetime of DHCPv4
leases will be ignored. This is contrary to the DHCP specification, but may be the best choice if,
e.g., the root filesystem relies on this connection. The setting <literal>dynamic</literal> implies
<literal>dynamic-on-stop</literal>, and <literal>yes</literal> implies <literal>dynamic</literal>
and <literal>static</literal>. Defaults to <literal>dynamic-on-stop</literal> when
<command>systemd-networkd</command> is running in initrd, <literal>yes</literal> when the root
filesystem is a network filesystem, and <literal>no</literal> otherwise.</para>
<para>Takes a boolean or one of <literal>static</literal>, <literal>dhcp-on-stop</literal>,
<literal>dhcp</literal>. When <literal>static</literal>, <command>systemd-networkd</command>
will not drop static addresses and routes on starting up process. When set to
<literal>dhcp-on-stop</literal>, <command>systemd-networkd</command> will not drop addresses
and routes on stopping the daemon. When <literal>dhcp</literal>,
the addresses and routes provided by a DHCP server will never be dropped even if the DHCP
lease expires. This is contrary to the DHCP specification, but may be the best choice if,
e.g., the root filesystem relies on this connection. The setting <literal>dhcp</literal>
implies <literal>dhcp-on-stop</literal>, and <literal>yes</literal> implies
<literal>dhcp</literal> and <literal>static</literal>. Defaults to
<literal>dhcp-on-stop</literal> when <command>systemd-networkd</command> is running in
initrd, <literal>yes</literal> when the root filesystem is a network filesystem, and
<literal>no</literal> otherwise.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
<xi:include href="version-info.xml" xpointer="v243"/>
</listitem>
</varlistentry>
</variablelist>

View File

@ -40,7 +40,7 @@
<para><filename>*.pcrlock</filename> files define expected TPM2 PCR measurements of components involved
in the boot
process. <citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>8</manvolnum></citerefentry>
process. <citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>1</manvolnum></citerefentry>
uses such pcrlock files to analyze and predict TPM2 PCR measurements. The pcrlock files are JSON arrays
that follow a subset of the <ulink
url="https://trustedcomputinggroup.org/resource/canonical-event-log-format/">TCG Canonical Event Log Format
@ -292,7 +292,7 @@
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -409,7 +409,7 @@
<varlistentry>
<term><filename>initrd-fs.target</filename></term>
<listitem>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
automatically adds dependencies of type <varname>Before=</varname> to
<filename>sysroot-usr.mount</filename> and all mount points found in
<filename>/etc/fstab</filename> that have the <option>x-initrd.mount</option> mount option set
@ -426,10 +426,10 @@
<listitem>
<para>A special initrd target unit that is reached when the root filesystem device is available, but before
it has been mounted.
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
automatically set up the appropriate dependencies to make this happen.
<citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
automatically setup the appropriate dependencies to make this happen.
</para>
<xi:include href="version-info.xml" xpointer="v230"/>
@ -438,7 +438,7 @@
<varlistentry>
<term><filename>initrd-root-fs.target</filename></term>
<listitem>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
automatically adds dependencies of type <varname>Before=</varname> to the
<filename>sysroot.mount</filename> unit, which is generated from the kernel command line's
<varname>root=</varname> setting (or equivalent).</para>
@ -449,7 +449,7 @@
<varlistentry>
<term><filename>initrd-usr-fs.target</filename></term>
<listitem>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
automatically adds dependencies of type <varname>Before=</varname> to the
<filename>sysusr-usr.mount</filename> unit, which is generated from the kernel command line's
<varname>usr=</varname> switch. Services may order themselves after this target unit in order to
@ -495,7 +495,7 @@
<varlistentry>
<term><filename>local-fs.target</filename></term>
<listitem>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<para><citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>3</manvolnum></citerefentry>
automatically adds dependencies of type
<varname>Before=</varname> to all mount units that refer to
local mount points for this target unit. In addition, it
@ -625,7 +625,7 @@
<listitem>
<para>Similar to <filename>cryptsetup.target</filename>, but for encrypted
devices which are accessed over the network. It is used for
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
entries marked with <option>_netdev</option>.</para>
<xi:include href="version-info.xml" xpointer="v235"/>
@ -636,7 +636,7 @@
<listitem>
<para>Similar to <filename>veritysetup.target</filename>, but for verity
integrity protected devices which are accessed over the network. It is used for
<citerefentry><refentrytitle>veritytab</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>veritytab</refentrytitle><manvolnum>8</manvolnum></citerefentry>
entries marked with <option>_netdev</option>.</para>
<xi:include href="version-info.xml" xpointer="v248"/>
@ -1005,7 +1005,7 @@
devices after services that synthesize these block devices. In particular, this is intended to be
used with storage services (such as
<citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>/
<citerefentry><refentrytitle>systemd-veritysetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
<citerefentry><refentrytitle>systemd-veritysetup@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
that allocate and manage a virtual block device. Storage services are ordered before an instance of
<filename>blockdev@.target</filename>, and the consumer units after it. The ordering is
particularly relevant during shutdown, as it ensures that the mount is deactivated first and the
@ -1304,7 +1304,7 @@
<para>There are four <literal>.slice</literal> units which form the basis of the hierarchy for
assignment of resources for services, users, and virtual machines or containers. See
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details about slice units.</para>
<variablelist>
@ -1501,7 +1501,7 @@ PartOf=graphical-session.target
<para>There are four <literal>.slice</literal> units which form the basis of the user hierarchy for
assignment of resources for user applications and services. See
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details about slice units and the documentation about
<ulink url="https://systemd.io/DESKTOP_ENVIRONMENTS">Desktop Environments</ulink>
for further information.</para>

View File

@ -184,7 +184,7 @@
Read by both
<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
and only honoured if no root password has been configured before.</para>
<xi:include href="version-info.xml" xpointer="v252"/>
@ -198,7 +198,7 @@
both
<citerefentry><refentrytitle>systemd-firstboot</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-sysusers</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
and only honoured if no root shell has been configured before.</para>
<xi:include href="version-info.xml" xpointer="v252"/>

View File

@ -1141,7 +1141,7 @@
<para>Both settings take a time span with the default unit of seconds, but other units may be
specified, see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The default is <literal>infinity</literal> (job timeouts disabled), except for device units where
<varname>JobRunningTimeoutSec=</varname> defaults to <varname>DefaultDeviceTimeoutSec=</varname>.
</para>
@ -1185,7 +1185,7 @@
<para><replaceable>interval</replaceable> is a time span with the default unit of seconds, but other
units may be specified, see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
The special value <literal>infinity</literal> can be used to limit the total number of start
attempts, even if they happen at large time intervals.
Defaults to <varname>DefaultStartLimitIntervalSec=</varname> in manager configuration file, and may

View File

@ -156,7 +156,7 @@
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-dissect</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -84,7 +84,7 @@
to a different server.</para>
<para>Takes a time span value. The default unit is seconds, but other units may be specified, see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
Defaults to 5 seconds.</para>
<xi:include href="version-info.xml" xpointer="v236"/></listitem>
@ -99,7 +99,7 @@
<para>Each setting takes a time span value. The default unit is seconds, but other units may be
specified, see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
<varname>PollIntervalMinSec=</varname> defaults to 32 seconds and must not be smaller than
16 seconds. <varname>PollIntervalMaxSec=</varname> defaults to 34 min 8 s (2048 seconds) and must be
larger than <varname>PollIntervalMinSec=</varname>.</para>
@ -113,7 +113,7 @@
are made.</para>
<para>Takes a time span value. The default unit is seconds, but other units may be specified, see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
Defaults to 30 seconds and must not be smaller than 1 second.</para>
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
@ -127,7 +127,7 @@
reboots.</para>
<para>Takes a time interval value. The default unit is seconds, but other units may be specified, see
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
Defaults to 60 seconds.</para>
<xi:include href="version-info.xml" xpointer="v250"/></listitem>

View File

@ -81,7 +81,4 @@
<para id="v255">Added in version 255.</para>
<para id="v256">Added in version 256.</para>
<para id="v257">Added in version 257.</para>
<para id="v258">Added in version 258.</para>
<para id="v259">Added in version 259.</para>
<para id="v260">Added in version 260.</para>
</refsect1>

View File

@ -2366,7 +2366,6 @@ subdir('src/fsck')
subdir('src/fstab-generator')
subdir('src/getty-generator')
subdir('src/gpt-auto-generator')
subdir('src/growfs')
subdir('src/hibernate-resume')
subdir('src/home')
subdir('src/hostname')
@ -2378,7 +2377,6 @@ subdir('src/integritysetup')
subdir('src/journal')
subdir('src/journal-remote')
subdir('src/kernel-install')
subdir('src/keyutil')
subdir('src/locale')
subdir('src/login')
subdir('src/machine')
@ -2396,6 +2394,7 @@ subdir('src/nss-mymachines')
subdir('src/nss-resolve')
subdir('src/nss-systemd')
subdir('src/oom')
subdir('src/partition')
subdir('src/path')
subdir('src/pcrextend')
subdir('src/pcrlock')
@ -2405,7 +2404,6 @@ subdir('src/quotacheck')
subdir('src/random-seed')
subdir('src/rc-local-generator')
subdir('src/remount-fs')
subdir('src/repart')
subdir('src/reply-password')
subdir('src/resolve')
subdir('src/rfkill')
@ -2674,14 +2672,6 @@ endif
#####################################################################
ukify_depends = []
foreach executable : ['systemd-measure', 'systemd-sbsign', 'systemd-keyutil']
if executable in executables_by_name
ukify_depends += [executables_by_name[executable]]
endif
endforeach
ukify = custom_target(
'ukify',
input : 'src/ukify/ukify.py',
@ -2689,7 +2679,6 @@ ukify = custom_target(
command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
install : want_ukify,
install_mode : 'rwxr-xr-x',
depends : ukify_depends,
install_dir : bindir)
if want_ukify
public_programs += ukify
@ -2709,7 +2698,7 @@ endif
mkosi_depends = public_programs
foreach executable : ['systemd-journal-remote', 'systemd-sbsign', 'systemd-keyutil']
foreach executable : ['systemd-journal-remote', 'systemd-measure']
if executable in executables_by_name
mkosi_depends += [executables_by_name[executable]]
endif

View File

@ -1 +1 @@
257~rc2
257~rc1

View File

@ -7,3 +7,4 @@ ToolsTreePackages=
meson
mypy
pkgconf
ruff

View File

@ -10,6 +10,5 @@ ToolsTreePackages=
libmicrohttpd
python-jinja
python-pytest
ruff
tpm2-tss
util-linux-libs

View File

@ -13,6 +13,6 @@ ToolsTreePackages=
pkgconfig(fdisk)
pkgconfig(libmicrohttpd)
pkgconfig(mount)
tpm2-tss-devel
tss2-devel
python3-jinja2
python3-pytest

View File

@ -1,8 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
[Match]
ToolsTreeDistribution=fedora
[Build]
ToolsTreePackages=
ruff

View File

@ -12,7 +12,6 @@ ToolsTreePackages=
pkgconfig(fdisk)
pkgconfig(libmicrohttpd)
pkgconfig(mount)
python3-ruff
tss2-devel
python3-jinja2
python3-pytest

View File

@ -1,7 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi

View File

@ -2,6 +2,10 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
if [[ "$1" == "clangd" ]]; then
exec "$@"
fi
if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1

View File

@ -7,7 +7,7 @@ Distribution=arch
Environment=
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
GIT_BRANCH=main
GIT_COMMIT=29a73017cd380cd8db070dbd560e229d523b3c79
GIT_COMMIT=62c224b60ca150627be58ca2da50f47cc0a5793c
PKG_SUBDIR=arch
[Content]

View File

@ -8,7 +8,7 @@ Distribution=|fedora
Environment=
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
GIT_BRANCH=rawhide
GIT_COMMIT=7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99
GIT_COMMIT=e42eed4afd6267cd954d393d8eec79e0e7573de0
PKG_SUBDIR=fedora
[Content]

View File

@ -9,7 +9,7 @@ Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=debian/master
GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
GIT_COMMIT=2f288667e0f5eeba19b14d24b621baef2aa413e1
PKG_SUBDIR=debian
[Content]

View File

@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-17 15:48+0000\n"
"PO-Revision-Date: 2024-11-09 20:13+0000\n"
"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
"memory@weblate.org>\n"
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
@ -187,11 +187,9 @@ msgstr ""
"benötigte Speichermedium oder Dateisystem ein."
#: src/home/pam_systemd_home.c:298
#, c-format
#, fuzzy, c-format
msgid "Too frequent login attempts for user %s, try again later."
msgstr ""
"Zu viele Anmeldeversuche für Benutzer %s, versuchen Sie es später noch "
"einmal."
msgstr "Zu häufige Loginversuche für %s. Bitte später erneut probieren."
#: src/home/pam_systemd_home.c:310
msgid "Password: "
@ -1191,16 +1189,18 @@ msgid "Subscribe query results"
msgstr "Abfrageergebnisse abonnieren"
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "Legitimierung ist zum Abonnieren von Abfrageergebnissen erforderlich."
msgstr "Legitimierung ist zum Versetzen des Systems in Bereitschaft notwendig."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr ""
msgstr "Legitimierung ist zum Festlegen von Domains notwendig."
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
@ -1248,21 +1248,20 @@ msgid "Install specific system version"
msgstr "Spezifische Systemversion installieren"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr ""
"Legitimierung ist zum Aktualisieren des Systems auf eine bestimmte ("
"möglicherweise alte) Version erforderlich."
msgstr "Legitimierung ist zum Festlegen der Systemzeitzone notwendig."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr "Alte Systemaktualisierungen bereinigen"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr ""
"Legitimierung ist zum Bereinigen alter Systemaktualisierungen erforderlich."
msgstr "Legitimierung ist zum Festlegen der Systemzeit notwendig."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
@ -1270,8 +1269,11 @@ msgstr "Optionale Funktionen verwalten"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "Legitimierung ist zur Verwaltung optionaler Funktionen erforderlich"
msgstr ""
"Legitimierung ist zur Verwaltung aktiver Sitzungen, Benutzern und "
"Arbeitsstationen notwendig."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -3,13 +3,12 @@
# Finnish translation of systemd.
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
"main/fi/>\n"
"Language: fi\n"
@ -17,7 +16,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -113,12 +112,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Päivitä kotialue"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1173,11 +1174,14 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "Hallitse valinnaisia ominaisuuksia"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
msgstr ""
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
"hallintaan."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -12,7 +12,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
"main/fr/>\n"
@ -360,8 +360,8 @@ msgid ""
"Authentication is required to set the statically configured local hostname, "
"as well as the pretty hostname."
msgstr ""
"Une authentification est requise pour définir le nom d'hôte local configuré "
"de manière statique, ainsi que le nom d'hôte convivial."
"Une authentification est requise pour définir le nom d'hôte local de manière "
"statique, ainsi que le nom d'hôte familier."
#: src/hostname/org.freedesktop.hostname1.policy:41
msgid "Set machine information"

114
po/he.po
View File

@ -1,22 +1,22 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024.
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023.
msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-19 07:38+0000\n"
"PO-Revision-Date: 2023-11-22 00:01+0000\n"
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
"main/he/>\n"
"master/he/>\n"
"Language: he\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
"n % 10 == 0) ? 2 : 3));\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -106,12 +106,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "עדכון אזור הבית שלך"
msgstr "עדכון אזור בית"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "נדרש אימות כדי לעדכן את אזור הבית שלך."
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -131,12 +133,14 @@ msgid ""
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "הפעלת אזור בית"
msgstr "יצירת אזור בית"
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "נדרש אימות כדי להפעיל אזור בית של משתמש."
msgstr "נדרש אימות כדי ליצור אזור בית למשתמש."
#: src/home/pam_systemd_home.c:293
#, c-format
@ -347,37 +351,46 @@ msgid "Authentication is required to get system description."
msgstr "נדרש אימות כדי למשוך את תיאור המערכת."
#: src/import/org.freedesktop.import1.policy:22
#, fuzzy
msgid "Import a disk image"
msgstr "ייבוא דמות כונן"
msgstr "לייבא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:23
#, fuzzy
msgid "Authentication is required to import an image."
msgstr "נדרש אימות כדי לייבא דמות."
msgstr ""
"נדרש אימות כדי לייבא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:32
#, fuzzy
msgid "Export a disk image"
msgstr "ייצוא דמות כונן"
msgstr "ייצוא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:33
#, fuzzy
msgid "Authentication is required to export disk image."
msgstr "נדרש אימות כדי לייצא דמות כונן."
msgstr ""
"נדרש אימות כדי לייצא מכונה וירטואלית או דמות של מכולה (container image)"
#: src/import/org.freedesktop.import1.policy:42
#, fuzzy
msgid "Download a disk image"
msgstr "הורדת דמות כונן"
msgstr "הורדת מכונה וירטואלית או דמות מכולה"
#: src/import/org.freedesktop.import1.policy:43
#, fuzzy
msgid "Authentication is required to download a disk image."
msgstr "נדרש אימות כדי להוריד דמות כונן."
msgstr "נדרש אימות כדי להוריד מכונה וירטואלית או דמות מכולה"
#: src/import/org.freedesktop.import1.policy:52
msgid "Cancel transfer of a disk image"
msgstr "ביטול העברה של דמות כונן"
msgstr ""
#: src/import/org.freedesktop.import1.policy:53
#, fuzzy
msgid ""
"Authentication is required to cancel the ongoing transfer of a disk image."
msgstr "נדרש אימות כדי לבטל העברה של דמות כונן שמתבצעת בזמן אמת."
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
@ -719,8 +732,9 @@ msgid "Set a wall message"
msgstr "הגדרת הודעת קיר"
#: src/login/org.freedesktop.login1.policy:397
#, fuzzy
msgid "Authentication is required to set a wall message."
msgstr "נדרש אימות כדי להגדיר הודעת קיר."
msgstr "נדרש אימות כדי להגדיר הודעת קיר"
#: src/login/org.freedesktop.login1.policy:406
msgid "Change Session"
@ -790,14 +804,16 @@ msgstr ""
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:95
#, fuzzy
msgid "Create a local virtual machine or container"
msgstr "יצירת מכונה וירטואלית או מכולה מקומיות"
msgstr "ניהול מכונות וירטואליות ומכולות מקומיות"
#: src/machine/org.freedesktop.machine1.policy:96
#, fuzzy
msgid ""
"Authentication is required to create a local virtual machine or container."
msgstr ""
"נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
#: src/machine/org.freedesktop.machine1.policy:106
msgid "Manage local virtual machine and container images"
@ -949,13 +965,13 @@ msgstr "נדרש אימות כדי להגדיר כרטיס רשת מחדש."
#: src/network/org.freedesktop.network1.policy:187
msgid "Specify whether persistent storage for systemd-networkd is available"
msgstr "נא לציין האם יש אחסון קבוע זמין ל־systemd-networkd"
msgstr ""
#: src/network/org.freedesktop.network1.policy:188
msgid ""
"Authentication is required to specify whether persistent storage for systemd-"
"networkd is available."
msgstr "נדרש אימות כדי לציין האם אחסון קבוע זמין ל־systemd-networkd."
msgstr ""
#: src/portable/org.freedesktop.portable1.policy:13
msgid "Inspect a portable service image"
@ -988,16 +1004,18 @@ msgid "Register a DNS-SD service"
msgstr "רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:23
#, fuzzy
msgid "Authentication is required to register a DNS-SD service."
msgstr "נדרש אימות כדי לרשום שירות DNS-SD."
msgstr "נדרש אימות כדי לרשום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:33
msgid "Unregister a DNS-SD service"
msgstr "ביטול רישום שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:34
#, fuzzy
msgid "Authentication is required to unregister a DNS-SD service."
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD."
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD"
#: src/resolve/org.freedesktop.resolve1.policy:132
msgid "Revert name resolution settings"
@ -1009,85 +1027,95 @@ msgstr "נדרש אימות כדי לאפס את הגדרות פתרון השמ
#: src/resolve/org.freedesktop.resolve1.policy:143
msgid "Subscribe query results"
msgstr "רישום לתוצאות שאילתה"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
msgstr "נדרש אימות כדי להשהות את המערכת."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr "היטל המטמון"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr "נדרש אימות כדי להטיל את המטמון."
msgstr "נדרש אימות כדי להגדיר שמות תחום."
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
msgstr "היטל מצב השרת"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:166
#, fuzzy
msgid "Authentication is required to dump server state."
msgstr "נדרש אימות כדי להטיל את מצב השרת."
msgstr "נדרש אימות כדי להגדיר שרתי NTP."
#: src/resolve/org.freedesktop.resolve1.policy:176
msgid "Dump statistics"
msgstr "היטל סטטיסטיקה"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:177
#, fuzzy
msgid "Authentication is required to dump statistics."
msgstr "נדרש אימות כדי להטיל סטטיסטיקה."
msgstr "נדרש אימות כדי להגדיר שמות תחום."
#: src/resolve/org.freedesktop.resolve1.policy:187
msgid "Reset statistics"
msgstr "איפוס סטטיסטיקה"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:188
#, fuzzy
msgid "Authentication is required to reset statistics."
msgstr "נדרש אימות כדי לאפס סטטיסטיקה."
msgstr "נדרש אימות כדי לאפס הגדרות NTP."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35
msgid "Check for system updates"
msgstr "חיפוש עדכוני מערכת"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36
#, fuzzy
msgid "Authentication is required to check for system updates."
msgstr "נדרש אימות כדי לחפש עדכוני מערכת."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45
msgid "Install system updates"
msgstr "התקנת עדכוני מערכת"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46
#, fuzzy
msgid "Authentication is required to install system updates."
msgstr "נדרש אימות כדי להתקין עדכוני מערכת."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55
msgid "Install specific system version"
msgstr "התקנת גרסת מערכת מסוימת"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr "נדרש אימות כדי לעדכן את המערכת לגרסה מסוימת (כנראה ישנה)."
msgstr "נדרש אימות כדי להגדיר את אזור הזמן של המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr "ניקוי עדכוני מערכת ישנים"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr "נדרש אימות כדי לנקות עדכוני מערכת ישנים."
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "ניהול יכולות רשות"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "נדרש אימות כדי לנהל יכולות רשות"
msgstr "נדרש אימות כדי לנהל הפעלות, משתמשים ומושבים פעילים."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-18 12:55+0900\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2021-09-09 03:04+0000\n"
"Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n"
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
@ -106,12 +106,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "ユーザのホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "ホーム領域の更新"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "ホーム領域の更新には認証が必要です。"
msgstr "ユーザのホーム領域の更新には認証が必要です。"
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1118,11 +1120,12 @@ msgstr "過去のシステム更新を削除するには認証が必要です。
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "任意の機能の管理"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "任意の機能を管理するには認証が必要です。"
msgstr "アクティブなセッションやユーザ,シートを管理するには認証が必要です。"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -12,8 +12,8 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-11 08:36+0000\n"
"Last-Translator: Gabriel Elyas <gabrielelyas@protonmail.com>\n"
"PO-Revision-Date: 2024-09-25 01:07+0000\n"
"Last-Translator: Fábio Rodrigues Ribeiro <farribeiro@gmail.com>\n"
"Language-Team: Portuguese (Brazil) <https://translate.fedoraproject.org/"
"projects/systemd/main/pt_BR/>\n"
"Language: pt_BR\n"
@ -21,7 +21,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n > 1;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -1214,8 +1214,11 @@ msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "A autenticação é necessária para gerenciar recursos opcionais"
msgstr ""
"A autenticação é necessária para gerenciar sessões ativas, usuários e "
"estações."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -14,7 +14,7 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-17 13:38+0000\n"
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
"Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
"main/ru/>\n"
@ -1280,7 +1280,7 @@ msgstr "Управление дополнительными функциями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features"
msgstr ""
"Для управления дополнительными функциями необходимо пройти аутентификацию"
"Для управления дополнительными функциями необходимо пройти аутентификацию."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -7,7 +7,7 @@ msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"PO-Revision-Date: 2024-08-26 19:38+0000\n"
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
"systemd/main/sl/>\n"
@ -17,7 +17,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
"n%100==4 ? 2 : 3;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -125,13 +125,16 @@ msgstr ""
"območja."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Posodobite domače območje"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr ""
"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
"območja."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1231,12 +1234,14 @@ msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "Upravljaj dodatne funkcionalnosti"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
"in delovišč."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -4,12 +4,11 @@
# Eugene Melnik <jeka7js@gmail.com>, 2014.
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
"PO-Revision-Date: 2024-08-24 10:36+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n"
@ -19,7 +18,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
"X-Generator: Weblate 5.8.2\n"
"X-Generator: Weblate 5.7\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -119,12 +118,14 @@ msgid "Authentication is required to update a user's home area."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Оновлення домашньої області"
msgstr "Оновлення домашньої теки"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1211,11 +1212,14 @@ msgstr "Для вилучення застарілих оновлень сист
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr "Керування додатковими функціями"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
msgstr ""
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
"пройти розпізнавання."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -38,12 +38,19 @@ __get_tpm2_devices() {
done
}
__get_block_devices() {
local i
for i in /dev/*; do
[ -b "$i" ] && printf '%s\n' "$i"
done
}
_systemd_cryptenroll() {
local comps
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
local -A OPTS=(
[STANDALONE]='-h --help --version
--password --recovery-key --list-devices'
--password --recovery-key'
[ARG]='--unlock-key-file
--unlock-fido2-device
--unlock-tpm2-device
@ -109,7 +116,7 @@ _systemd_cryptenroll() {
return 0
fi
comps=$(systemd-cryptenroll --list-devices)
comps=$(__get_block_devices)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
}

View File

@ -15,59 +15,27 @@
#include "parse-util.h"
#include "process-util.h"
#include "socket-util.h"
#include "stat-util.h"
#include "user-util.h"
#include "virt.h"
static int audit_read_field(const PidRef *pid, const char *field, char **ret) {
int r;
assert(field);
assert(ret);
if (!pidref_is_set(pid))
return -ESRCH;
/* Auditing is currently not virtualized for containers. Let's hence not use the audit session ID or
* login UID for now, it will be leaked in from the host */
if (detect_container() > 0)
return -ENODATA;
const char *p = procfs_file_alloca(pid->pid, field);
int audit_session_from_pid(pid_t pid, uint32_t *id) {
_cleanup_free_ char *s = NULL;
bool enoent = false;
r = read_virtual_file(p, SIZE_MAX, &s, /* ret_size= */ NULL);
if (r == -ENOENT) {
if (proc_mounted() == 0)
return -ENOSYS;
enoent = true;
} else if (r < 0)
return r;
r = pidref_verify(pid);
if (r < 0)
return r;
if (enoent) /* We got ENOENT, but /proc/ was mounted and the PID still valid? In that case it appears
* auditing is not supported by the kernel. */
return -ENODATA;
delete_trailing_chars(s, NEWLINE);
*ret = TAKE_PTR(s);
return 0;
}
int audit_session_from_pid(const PidRef *pid, uint32_t *ret_id) {
_cleanup_free_ char *s = NULL;
int r;
r = audit_read_field(pid, "sessionid", &s);
if (r < 0)
return r;
const char *p;
uint32_t u;
int r;
assert(id);
/* We don't convert ENOENT to ESRCH here, since we can't
* really distinguish between "audit is not available in the
* kernel" and "the process does not exist", both which will
* result in ENOENT. */
p = procfs_file_alloca(pid, "sessionid");
r = read_one_line_file(p, &s);
if (r < 0)
return r;
r = safe_atou32(s, &u);
if (r < 0)
return r;
@ -75,24 +43,32 @@ int audit_session_from_pid(const PidRef *pid, uint32_t *ret_id) {
if (!audit_session_is_valid(u))
return -ENODATA;
if (ret_id)
*ret_id = u;
*id = u;
return 0;
}
int audit_loginuid_from_pid(const PidRef *pid, uid_t *ret_uid) {
int audit_loginuid_from_pid(pid_t pid, uid_t *uid) {
_cleanup_free_ char *s = NULL;
const char *p;
uid_t u;
int r;
r = audit_read_field(pid, "loginuid", &s);
assert(uid);
p = procfs_file_alloca(pid, "loginuid");
r = read_one_line_file(p, &s);
if (r < 0)
return r;
if (streq(s, "4294967295")) /* loginuid as 4294967295 means not part of any session. */
r = parse_uid(s, &u);
if (r == -ENXIO) /* the UID was -1 */
return -ENODATA;
if (r < 0)
return r;
return parse_uid(s, ret_uid);
*uid = u;
return 0;
}
static int try_audit_request(int fd) {
@ -137,32 +113,33 @@ bool use_audit(void) {
static int cached_use = -1;
int r;
if (cached_use >= 0)
return cached_use;
if (cached_use < 0) {
int fd;
_cleanup_close_ int fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
if (fd < 0) {
cached_use = !ERRNO_IS_PRIVILEGE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno);
if (cached_use)
log_debug_errno(errno, "Unexpected error while creating audit socket, proceeding with its use: %m");
else
log_debug_errno(errno, "Won't talk to audit, because feature or privilege absent: %m");
} else {
/* If we try and use the audit fd but get -ECONNREFUSED, it is because we are not in the
* initial user namespace, and the kernel does not have support for audit outside of the
* initial user namespace (see
* https://elixir.bootlin.com/linux/latest/C/ident/audit_netlink_ok).
*
* If we receive any other error, do not disable audit because we are not sure that the error
* indicates that audit will not work in general. */
r = try_audit_request(fd);
if (r < 0) {
cached_use = r != -ECONNREFUSED;
log_debug_errno(r, cached_use ?
"Failed to make request on audit fd, ignoring: %m" :
"Won't talk to audit: %m");
} else
cached_use = true;
fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC|SOCK_NONBLOCK, NETLINK_AUDIT);
if (fd < 0) {
cached_use = !IN_SET(errno, EAFNOSUPPORT, EPROTONOSUPPORT, EPERM);
if (!cached_use)
log_debug_errno(errno, "Won't talk to audit: %m");
} else {
/* If we try and use the audit fd but get -ECONNREFUSED, it is because
* we are not in the initial user namespace, and the kernel does not
* have support for audit outside of the initial user namespace
* (see https://elixir.bootlin.com/linux/latest/C/ident/audit_netlink_ok).
*
* If we receive any other error, do not disable audit because we are not
* sure that the error indicates that audit will not work in general. */
r = try_audit_request(fd);
if (r < 0) {
cached_use = r != -ECONNREFUSED;
log_debug_errno(r, cached_use ?
"Failed to make request on audit fd, ignoring: %m" :
"Won't talk to audit: %m");
} else
cached_use = true;
safe_close(fd);
}
}
return cached_use;

View File

@ -5,12 +5,10 @@
#include <stdint.h>
#include <sys/types.h>
#include "pidref.h"
#define AUDIT_SESSION_INVALID UINT32_MAX
int audit_session_from_pid(const PidRef *pid, uint32_t *id);
int audit_loginuid_from_pid(const PidRef *pid, uid_t *uid);
int audit_session_from_pid(pid_t pid, uint32_t *id);
int audit_loginuid_from_pid(pid_t pid, uid_t *uid);
bool use_audit(void);

View File

@ -799,20 +799,16 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
continue;
}
_cleanup_free_ char *path = strdup(e + 1);
char *path = strdup(e + 1);
if (!path)
return -ENOMEM;
/* Refuse cgroup paths from outside our cgroup namespace */
if (startswith(path, "/../"))
return -EUNATCH;
/* Truncate suffix indicating the process is a zombie */
e = endswith(path, " (deleted)");
if (e)
*e = 0;
*ret_path = TAKE_PTR(path);
*ret_path = path;
return 0;
}
}

View File

@ -81,7 +81,6 @@ const char* special_glyph_full(SpecialGlyph code, bool force_utf) {
[SPECIAL_GLYPH_BLUE_CIRCLE] = "o",
[SPECIAL_GLYPH_GREEN_CIRCLE] = "o",
[SPECIAL_GLYPH_SUPERHERO] = "S",
[SPECIAL_GLYPH_IDCARD] = "@",
},
/* UTF-8 */
@ -152,7 +151,6 @@ const char* special_glyph_full(SpecialGlyph code, bool force_utf) {
[SPECIAL_GLYPH_BLUE_CIRCLE] = u8"🔵",
[SPECIAL_GLYPH_GREEN_CIRCLE] = u8"🟢",
[SPECIAL_GLYPH_SUPERHERO] = u8"🦸",
[SPECIAL_GLYPH_IDCARD] = u8"🪪",
},
};

View File

@ -56,7 +56,6 @@ typedef enum SpecialGlyph {
SPECIAL_GLYPH_BLUE_CIRCLE,
SPECIAL_GLYPH_GREEN_CIRCLE,
SPECIAL_GLYPH_SUPERHERO,
SPECIAL_GLYPH_IDCARD,
_SPECIAL_GLYPH_MAX,
_SPECIAL_GLYPH_INVALID = -EINVAL,
} SpecialGlyph;

View File

@ -136,14 +136,12 @@ int namespace_open(
int *ret_userns_fd,
int *ret_root_fd) {
_cleanup_(pidref_done) PidRef pidref = PIDREF_NULL;
int r;
assert(pid >= 0);
r = pidref_set_pid(&pidref, pid);
if (r < 0)
return r;
if (pid == 0)
pid = getpid_cached();
return pidref_namespace_open(&pidref, ret_pidns_fd, ret_mntns_fd, ret_netns_fd, ret_userns_fd, ret_root_fd);
return pidref_namespace_open(&PIDREF_MAKE_FROM_PID(pid), ret_pidns_fd, ret_mntns_fd, ret_netns_fd, ret_userns_fd, ret_root_fd);
}
int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int userns_fd, int root_fd) {

View File

@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
_cleanup_free_ char *escaped = NULL, *comm = NULL;
int r;
assert(pid >= 0);
assert(ret);
assert(pid >= 0);
if (pid == 0 || pid == getpid_cached()) {
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
@ -143,9 +143,6 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_comm(pid->pid, &comm);
if (r < 0)
return r;
@ -292,9 +289,6 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
if (r < 0)
return r;
@ -337,9 +331,6 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_cmdline_strv(pid->pid, flags, &args);
if (r < 0)
return r;
@ -486,9 +477,6 @@ int pidref_is_kernel_thread(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_kernel_thread(pid->pid);
if (result < 0)
return result;
@ -606,9 +594,6 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_uid(pid->pid, &uid);
if (r < 0)
return r;
@ -809,9 +794,6 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
r = pid_get_start_time(pid->pid, ret ? &t : NULL);
if (r < 0)
return r;
@ -1111,9 +1093,6 @@ int pidref_is_my_child(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
result = pid_is_my_child(pid->pid);
if (result < 0)
return result;
@ -1149,9 +1128,6 @@ int pidref_is_unwaited(const PidRef *pid) {
if (!pidref_is_set(pid))
return -ESRCH;
if (pidref_is_remote(pid))
return -EREMOTE;
if (pid->pid == 1 || pidref_is_self(pid))
return true;
@ -1193,9 +1169,6 @@ int pidref_is_alive(const PidRef *pidref) {
if (!pidref_is_set(pidref))
return -ESRCH;
if (pidref_is_remote(pidref))
return -EREMOTE;
result = pid_is_alive(pidref->pid);
if (result < 0) {
assert(result != -ESRCH);
@ -1487,8 +1460,8 @@ int safe_fork_full(
bool block_signals = false, block_all = false, intermediary = false;
int prio, r;
assert(!FLAGS_SET(flags, FORK_DETACH) ||
(!ret_pid && (flags & (FORK_WAIT|FORK_DEATHSIG_SIGTERM|FORK_DEATHSIG_SIGINT|FORK_DEATHSIG_SIGKILL)) == 0));
assert(!FLAGS_SET(flags, FORK_DETACH) || !ret_pid);
assert(!FLAGS_SET(flags, FORK_DETACH|FORK_WAIT));
/* A wrapper around fork(), that does a couple of important initializations in addition to mere forking. Always
* returns the child's PID in *ret_pid. Returns == 0 in the child, and > 0 in the parent. */
@ -1842,9 +1815,6 @@ int namespace_fork(
int set_oom_score_adjust(int value) {
char t[DECIMAL_STR_MAX(int)];
if (!oom_score_adjust_is_valid(value))
return -EINVAL;
xsprintf(t, "%i", value);
return write_string_file("/proc/self/oom_score_adj", t,
@ -1861,16 +1831,11 @@ int get_oom_score_adjust(int *ret) {
delete_trailing_chars(t, WHITESPACE);
r = safe_atoi(t, &a);
if (r < 0)
return r;
if (!oom_score_adjust_is_valid(a))
return -ENODATA;
assert_se(safe_atoi(t, &a) >= 0);
assert_se(oom_score_adjust_is_valid(a));
if (ret)
*ret = a;
return 0;
}

View File

@ -220,9 +220,9 @@ static int synthesize_user_creds(
if (ret_gid)
*ret_gid = GID_NOBODY;
if (ret_home)
*ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
if (ret_shell)
*ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
return 0;
}
@ -244,7 +244,6 @@ int get_user_creds(
assert(username);
assert(*username);
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
(!ret_home && !ret_shell)) {
@ -316,14 +315,17 @@ int get_user_creds(
if (ret_home)
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
*ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
? NULL : p->pw_dir;
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
(empty_or_root(p->pw_dir) ||
!path_is_valid(p->pw_dir) ||
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
if (ret_shell)
*ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
? NULL : p->pw_shell;
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
(isempty(p->pw_shell) ||
!path_is_valid(p->pw_shell) ||
!path_is_absolute(p->pw_shell) ||
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
if (patch_username)
*username = p->pw_name;

View File

@ -12,8 +12,6 @@
#include <sys/types.h>
#include <unistd.h>
#include "string-util.h"
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
#define HOME_UID_MIN ((uid_t) 60001)
#define HOME_UID_MAX ((uid_t) 60513)
@ -38,20 +36,10 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
char* getlogname_malloc(void);
char* getusername_malloc(void);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
bool is_nologin_shell(const char *shell);
static inline bool shell_is_placeholder(const char *shell) {
return isempty(shell) || is_nologin_shell(shell);
}
typedef enum UserCredsFlags {
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
} UserCredsFlags;
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
@ -137,6 +125,10 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
int putsgent_sane(const struct sgrp *sg, FILE *stream);
#endif
bool is_nologin_shell(const char *shell);
const char* default_root_shell_at(int rfd);
const char* default_root_shell(const char *root);
int is_this_me(const char *username);
const char* get_home_root(void);

View File

@ -1,18 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_BINFMT') != 1
subdir_done()
endif
executables += [
libexec_template + {
'name' : 'systemd-binfmt',
'public' : true,
'conditions' : ['ENABLE_BINFMT'],
'sources' : files('binfmt.c'),
},
]
install_emptydir(binfmtdir)
if install_sysconfdir
install_emptydir(sysconfdir / 'binfmt.d')
if conf.get('ENABLE_BINFMT') == 1
install_emptydir(binfmtdir)
if install_sysconfdir
install_emptydir(sysconfdir / 'binfmt.d')
endif
endif

View File

@ -2469,7 +2469,11 @@ static EFI_STATUS initrd_prepare(
return EFI_OUT_OF_RESOURCES;
}
_cleanup_pages_ Pages pages = xmalloc_initrd_pages(size);
_cleanup_pages_ Pages pages = xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(size),
UINT32_MAX /* Below 4G boundary. */);
uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr);
STRV_FOREACH(i, entry->initrd) {

View File

@ -21,11 +21,6 @@
#include "smbios.h"
#include "util.h"
/* Validate the descriptor macros a bit that they match our expectations */
assert_cc(DEVICE_DESCRIPTOR_DEVICETREE == UINT32_C(0x1000001C));
assert_cc(DEVICE_SIZE_FROM_DESCRIPTOR(DEVICE_DESCRIPTOR_DEVICETREE) == sizeof(Device));
assert_cc(DEVICE_TYPE_FROM_DESCRIPTOR(DEVICE_DESCRIPTOR_DEVICETREE) == DEVICE_TYPE_DEVICETREE);
/**
* smbios_to_hashable_string() - Convert ascii smbios string to stripped char16_t.
*/
@ -110,10 +105,9 @@ EFI_STATUS chid_match(const void *hwid_buffer, size_t hwid_length, const Device
/* Count devices and check validity */
for (; (n_devices + 1) * sizeof(*devices) < hwid_length;) {
if (devices[n_devices].descriptor == DEVICE_DESCRIPTOR_EOL)
if (devices[n_devices].struct_size == 0)
break;
if (devices[n_devices].descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
if (devices[n_devices].struct_size != sizeof(*devices))
return EFI_UNSUPPORTED;
n_devices++;
}

View File

@ -2,63 +2,22 @@
#pragma once
#include "efi.h"
#include "chid-fundamental.h"
/* A .hwids PE section consists of a series of 'Device' structures. A 'Device' structure binds a CHID to some
* resource, for now only Devicetree blobs. Designed to be extensible to other types of resources, should the
* need arise. The series of 'Device' structures is followed by some space for strings that can be referenced
* by offset by the Device structures. */
enum {
DEVICE_TYPE_DEVICETREE = 0x1, /* A devicetree blob */
/* Maybe later additional types for:
* - CoCo Bring-Your-Own-Firmware
* - ACPI DSDT Overrides
* - */
};
#define DEVICE_SIZE_FROM_DESCRIPTOR(u) ((uint32_t) (u) & UINT32_C(0x0FFFFFFF))
#define DEVICE_TYPE_FROM_DESCRIPTOR(u) ((uint32_t) (u) >> 28)
#define DEVICE_MAKE_DESCRIPTOR(type, size) (((uint32_t) (size) | ((uint32_t) type << 28)))
#define DEVICE_DESCRIPTOR_DEVICETREE DEVICE_MAKE_DESCRIPTOR(DEVICE_TYPE_DEVICETREE, sizeof(Device))
#define DEVICE_DESCRIPTOR_EOL UINT32_C(0)
typedef struct Device {
uint32_t descriptor; /* The highest four bit encode the type of entry, the other 28 bit encode the
* size of the structure. Use the macros above to generate or take apart this
* field. */
uint32_t struct_size; /* = sizeof(struct Device), or 0 for EOL */
uint32_t name_offset; /* nul-terminated string or 0 if not present */
uint32_t compatible_offset; /* nul-terminated string or 0 if not present */
EFI_GUID chid;
union {
struct {
/* These offsets are relative to the beginning of the .hwids PE section. */
uint32_t name_offset; /* nul-terminated string or 0 if not present */
uint32_t compatible_offset; /* nul-terminated string or 0 if not present */
} devicetree;
/* fields for other descriptor types… */
};
} _packed_ Device;
/* Validate some offset, since the structure is API and src/ukify/ukify.py encodes them directly */
assert_cc(offsetof(Device, descriptor) == 0);
assert_cc(offsetof(Device, chid) == 4);
assert_cc(offsetof(Device, devicetree.name_offset) == 20);
assert_cc(offsetof(Device, devicetree.compatible_offset) == 24);
assert_cc(sizeof(Device) == 28);
static inline const char* device_get_name(const void *base, const Device *device) {
if (device->descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return NULL;
return device->devicetree.name_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->devicetree.name_offset);
return device->name_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->name_offset);
}
static inline const char* device_get_compatible(const void *base, const Device *device) {
if (device->descriptor != DEVICE_DESCRIPTOR_DEVICETREE)
return NULL;
return device->devicetree.compatible_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->devicetree.compatible_offset);
return device->compatible_offset == 0 ? NULL : (const char *) ((const uint8_t *) base + device->compatible_offset);
}
EFI_STATUS chid_match(const void *chids_buffer, size_t chids_length, const Device **ret_device);

View File

@ -27,7 +27,6 @@ _gnu_printf_(3, 4) EFI_STATUS log_internal(EFI_STATUS status, uint8_t text_color
log_internal(status, text_color, "%s:%i@%s: " format, __FILE__, __LINE__, __func__, ##__VA_ARGS__)
#define log_debug(...) log_full(EFI_SUCCESS, EFI_LIGHTGRAY, __VA_ARGS__)
#define log_info(...) log_full(EFI_SUCCESS, EFI_WHITE, __VA_ARGS__)
#define log_warning_status(status, ...) log_full(status, EFI_YELLOW, __VA_ARGS__)
#define log_error_status(status, ...) log_full(status, EFI_LIGHTRED, __VA_ARGS__)
#define log_error(...) log_full(EFI_INVALID_PARAMETER, EFI_LIGHTRED, __VA_ARGS__)
#define log_oom() log_full(EFI_OUT_OF_RESOURCES, EFI_LIGHTRED, "Out of memory.")

View File

@ -320,7 +320,7 @@ static void pe_locate_sections(
/* device */ NULL,
&hwids_section);
if (PE_SECTION_VECTOR_IS_SET(&hwids_section)) {
if (hwids_section.memory_offset != 0) {
hwids = (const uint8_t *) SIZE_TO_PTR(validate_base) + hwids_section.memory_offset;
EFI_STATUS err = chid_match(hwids, hwids_section.memory_size, &device);
@ -328,7 +328,8 @@ static void pe_locate_sections(
log_error_status(err, "HWID matching failed, no DT blob will be selected: %m");
hwids = NULL;
}
}
} else
log_info("HWIDs section is missing, no DT blob will be selected");
}
return pe_locate_sections_internal(
@ -358,7 +359,7 @@ static uint32_t get_compatibility_entry_address(const DosFileHeader *dos, const
PTR_TO_SIZE(dos),
&vector);
if (!PE_SECTION_VECTOR_IS_SET(&vector)) /* not found */
if (vector.memory_size == 0) /* not found */
return 0;
typedef struct {

View File

@ -43,11 +43,8 @@ static EFI_STATUS acquire_rng(void *ret, size_t size) {
return EFI_UNSUPPORTED;
err = rng->GetRNG(rng, NULL, size, ret);
/* On some systems the RNG might not be ready during early boot, handle gracefully and don't log. */
if (err == EFI_NOT_READY)
return err;
if (err != EFI_SUCCESS)
return log_warning_status(err, "Failed to acquire RNG data, proceeding without: %m");
return log_error_status(err, "Failed to acquire RNG data: %m");
return EFI_SUCCESS;
}

View File

@ -114,9 +114,12 @@ static EFI_STATUS combine_initrds(
n += initrd_size;
}
_cleanup_pages_ Pages pages = xmalloc_initrd_pages(n);
_cleanup_pages_ Pages pages = xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(n),
UINT32_MAX /* Below 4G boundary. */);
uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr);
FOREACH_ARRAY(i, initrds, n_initrds) {
size_t pad;

View File

@ -99,29 +99,6 @@ static inline Pages xmalloc_pages(
};
}
static inline Pages xmalloc_initrd_pages(size_t n_pages) {
/* The original native x86 boot protocol of the Linux kernel was not 64bit safe, hence we allocate
* memory for the initrds below the 4G boundary on x86, since we don't know early enough which
* protocol we'll use to ultimately boot the kernel. This restriction is somewhat obsolete, since
* these days we generally prefer the kernel's newer EFI entrypoint instead, which has no such
* limitations. On other architectures we do not bother with any restriction on this, in particular
* as some of them don't even have RAM mapped to such low addresses. */
#if defined(__i386__) || defined(__x86_64__)
return xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(n_pages),
UINT32_MAX /* Below 4G boundary. */);
#else
return xmalloc_pages(
AllocateAnyPages,
EfiLoaderData,
EFI_SIZE_TO_PAGES(n_pages),
0 /* Ignored. */);
#endif
}
void convert_efi_path(char16_t *path);
char16_t *xstr8_to_path(const char *stra);
char16_t *mangle_stub_cmdline(char16_t *cmdline);

View File

@ -299,6 +299,7 @@ static const char *const esp_subdirs[] = {
"EFI/BOOT",
"loader",
"loader/keys",
"loader/keys/auto",
NULL
};
@ -614,10 +615,6 @@ static int install_secure_boot_auto_enroll(const char *esp, X509 *certificate, E
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to convert X.509 certificate to DER: %s",
ERR_error_string(ERR_get_error(), NULL));
r = mkdir_one(esp, "loader/keys/auto");
if (r < 0)
return r;
_cleanup_close_ int keys_fd = chase_and_open("loader/keys/auto", esp, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, O_DIRECTORY, NULL);
if (keys_fd < 0)
return log_error_errno(keys_fd, "Failed to chase loader/keys/auto in the ESP: %m");
@ -1290,10 +1287,6 @@ int verb_remove(int argc, char *argv[], void *userdata) {
r = q;
}
q = rmdir_one(arg_esp_path, "/loader/keys/auto");
if (q < 0 && r >= 0)
r = q;
q = remove_subdirs(arg_esp_path, esp_subdirs);
if (q < 0 && r >= 0)
r = q;

View File

@ -1088,7 +1088,7 @@ static int method_start_transient_unit(sd_bus_message *message, void *userdata,
m,
name,
"start",
N_("Authentication is required to start transient unit '$(unit)'."),
N_("Authentication is required to start transient '$(unit)'."),
message,
error);
if (r < 0)

View File

@ -855,6 +855,9 @@ static int get_fixed_user(
assert(user_or_uid);
assert(ret_username);
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
if (r < 0)
return r;
@ -1880,10 +1883,7 @@ static int build_environment(
}
}
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
* (i.e. are "/" or "/bin/nologin"). */
if (home && set_user_login_env && !empty_or_root(home)) {
if (home && set_user_login_env) {
x = strjoin("HOME=", home);
if (!x)
return -ENOMEM;
@ -1892,7 +1892,7 @@ static int build_environment(
our_env[n_env++] = x;
}
if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
if (shell && set_user_login_env) {
x = strjoin("SHELL=", shell);
if (!x)
return -ENOMEM;
@ -3471,16 +3471,20 @@ static int apply_working_directory(
const ExecContext *context,
const ExecParameters *params,
ExecRuntime *runtime,
const char *home) {
const char *home,
int *exit_status) {
const char *wd;
int r;
assert(context);
assert(exit_status);
if (context->working_directory_home) {
if (!home)
if (!home) {
*exit_status = EXIT_CHDIR;
return -ENXIO;
}
wd = home;
} else
@ -3499,7 +3503,13 @@ static int apply_working_directory(
if (r >= 0)
r = RET_NERRNO(fchdir(dfd));
}
return context->working_directory_missing_ok ? 0 : r;
if (r < 0 && !context->working_directory_missing_ok) {
*exit_status = EXIT_CHDIR;
return r;
}
return 0;
}
static int apply_root_directory(
@ -3775,7 +3785,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
if (!c->working_directory_home)
return 0;
if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
if (c->dynamic_user)
return -EADDRNOTAVAIL;
r = get_home_dir(ret_buf);
@ -4533,7 +4543,7 @@ int exec_invoke(
r = acquire_home(context, &home, &home_buffer);
if (r < 0) {
*exit_status = EXIT_CHDIR;
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
}
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
@ -5372,11 +5382,9 @@ int exec_invoke(
* running this service might have the correct privilege to change to the working directory. Also, it
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
* the cwd cannot be used to pin directories outside of the sandbox. */
r = apply_working_directory(context, params, runtime, home);
if (r < 0) {
*exit_status = EXIT_CHDIR;
r = apply_working_directory(context, params, runtime, home, exit_status);
if (r < 0)
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
}
if (needs_sandboxing) {
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to

View File

@ -1689,11 +1689,6 @@ static int become_shutdown(int objective, int retval) {
/* Tell the binary how often to ping, ignore failure */
(void) strv_extendf(&env_block, "WATCHDOG_USEC="USEC_FMT, watchdog_timer);
/* Make sure that tools that look for $WATCHDOG_USEC (and might get started by the exitrd) don't get
* confused by the variable, because the sd_watchdog_enabled() protocol uses the same variable for
* the same purposes. */
(void) strv_extendf(&env_block, "WATCHDOG_PID=" PID_FMT, getpid_cached());
if (arg_watchdog_device)
(void) strv_extendf(&env_block, "WATCHDOG_DEVICE=%s", arg_watchdog_device);

View File

@ -3426,12 +3426,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
return 0;
}
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
r = service_add_fd_store(s, fd, fdn, do_poll);
if (r < 0) {
log_unit_debug_errno(u, r,
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
return 0;
}
TAKE_FD(fd);
} else if (streq(key, "extra-fd")) {
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
_cleanup_close_ int fd = -EBADF;

View File

@ -193,7 +193,7 @@ int enroll_fido2(
fflush(stdout);
fprintf(stderr,
"\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
"\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
"using the associated FIDO2 keyslot which we just created. To configure automatic\n"
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
"file, see %s for details.\n", link);

View File

@ -427,10 +427,7 @@ int wipe_slots(struct crypt_device *cd,
for (size_t i = n_ordered_slots; i > 0; i--) {
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
if (r < 0) {
if (r == -ENOENT)
log_warning_errno(r, "Failed to wipe non-existent slot %i, continuing.", ordered_slots[i - 1]);
else
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
if (ret == 0)
ret = r;
} else

View File

@ -193,7 +193,7 @@ static int help(void) {
"\n%3$sSimple Enrollment:%4$s\n"
" --password Enroll a user-supplied password\n"
" --recovery-key Enroll a recovery key\n"
"\n%3$sPKCS#11 Enrollment:%4$s\n"
"\n%3$sPKCS11 Enrollment:%4$s\n"
" --pkcs11-token-uri=URI\n"
" Specify PKCS#11 security token URI\n"
"\n%3$sFIDO2 Enrollment:%4$s\n"

View File

@ -1,9 +1,5 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_LIBCRYPTSETUP') != 1
subdir_done()
endif
systemd_cryptenroll_sources = files(
'cryptenroll-list.c',
'cryptenroll-password.c',
@ -28,6 +24,7 @@ executables += [
executable_template + {
'name' : 'systemd-cryptenroll',
'public' : true,
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : systemd_cryptenroll_sources,
'dependencies' : [
libcryptsetup,

View File

@ -1,9 +1,5 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_LIBCRYPTSETUP') != 1
subdir_done()
endif
subdir('cryptsetup-tokens')
systemd_cryptsetup_sources = files(
@ -19,6 +15,7 @@ executables += [
executable_template + {
'name' : 'systemd-cryptsetup',
'public' : true,
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : systemd_cryptsetup_sources,
'dependencies' : [
libcryptsetup,
@ -28,11 +25,14 @@ executables += [
},
generator_template + {
'name' : 'systemd-cryptsetup-generator',
'conditions' : ['HAVE_LIBCRYPTSETUP'],
'sources' : files('cryptsetup-generator.c'),
},
]
# symlink for backwards compatibility after rename
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-cryptsetup',
libexecdir / 'systemd-cryptsetup'))
if conf.get('HAVE_LIBCRYPTSETUP') == 1
# symlink for backwards compatibility after rename
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-cryptsetup',
libexecdir / 'systemd-cryptsetup'))
endif

View File

@ -1,18 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('HAVE_BLKID') != 1
subdir_done()
endif
executables += [
executable_template + {
'name' : 'systemd-dissect',
'public' : true,
'conditions' : ['HAVE_BLKID'],
'sources' : files('dissect.c'),
},
]
install_emptydir(sbindir)
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-dissect',
sbindir / 'mount.ddi'))
if conf.get('HAVE_BLKID') == 1
install_emptydir(sbindir)
meson.add_install_script(sh, '-c',
ln_s.format(bindir / 'systemd-dissect',
sbindir / 'mount.ddi'))
endif

View File

@ -1,18 +1,17 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
if conf.get('ENABLE_ENVIRONMENT_D') != 1
subdir_done()
endif
executables += [
executable_template + {
'name' : '30-systemd-environment-d-generator',
'conditions' : ['ENABLE_ENVIRONMENT_D'],
'sources' : files('environment-d-generator.c'),
'install_dir' : userenvgeneratordir,
},
]
install_emptydir(environmentdir)
meson.add_install_script(sh, '-c',
ln_s.format(sysconfdir / 'environment',
environmentdir / '99-environment.conf'))
if conf.get('ENABLE_ENVIRONMENT_D') == 1
install_emptydir(environmentdir)
meson.add_install_script(sh, '-c',
ln_s.format(sysconfdir / 'environment',
environmentdir / '99-environment.conf'))
endif

View File

@ -23,6 +23,6 @@ const char* const unified_sections[_UNIFIED_SECTION_MAX + 1] = {
[UNIFIED_SECTION_PROFILE] = ".profile",
[UNIFIED_SECTION_DTBAUTO] = ".dtbauto",
[UNIFIED_SECTION_HWIDS] = ".hwids",
[UNIFIED_SECTION_FIRMWARE] = ".efifwauto",
[UNIFIED_SECTION_FIRMWARE] = ".fmw",
NULL,
};

View File

@ -1,12 +0,0 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
executables += [
libexec_template + {
'name' : 'systemd-growfs',
'sources' : files('growfs.c'),
},
libexec_template + {
'name' : 'systemd-makefs',
'sources' : files('makefs.c'),
},
]

Some files were not shown because too many files have changed in this diff Show More