Compare commits


No commits in common. "3f64046cdab77d1c49af6f361d596e78a597873a" and "a8c9824d2a98116cbd6e5689355894158eb73a57" have entirely different histories.

11 changed files with 59 additions and 107 deletions


@ -10,11 +10,12 @@ systemd provides support for automatically reverting back to the previous
version of the OS or kernel in case the system consistently fails to boot. This version of the OS or kernel in case the system consistently fails to boot. This
support is built into various of its components. When used together these support is built into various of its components. When used together these
components provide a complete solution on UEFI systems, built as add-on to the components provide a complete solution on UEFI systems, built as add-on to the
[Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). [Boot Loader
However, the different components may also be used independently, and in Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). However, the
combination with other software, to implement similar schemes, for example with different components may also be used independently, and in combination with
other boot loaders or for non-UEFI systems. Here's a brief overview of the other software, to implement similar schemes, for example with other boot
complete set of components: loaders or for non-UEFI systems. Here's a brief overview of the complete set of
components:
* The * The
[`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html) [`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
@ -44,10 +45,11 @@ complete set of components:
* The `boot-complete.target` target unit (see * The `boot-complete.target` target unit (see
[`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html)) [`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html))
serves as a generic extension point both for units that are necessary to serves as a generic extension point both for units that shall be considered
consider a boot successful (example: `systemd-boot-check-no-failures.service` necessary to consider a boot successful on one side (example:
as described above), and units that want to act only if the boot is `systemd-boot-check-no-failures.service` as described above), and units that
successful (example: `systemd-bless-boot.service` as described above). want to act only if the boot is successful on the other (example:
`systemd-bless-boot.service` as described above).
* The * The
[`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html) [`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)


@ -111,7 +111,6 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100CHI*
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT300CHI* sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT300CHI*
ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnM80TA*
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA* sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA*
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA* sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA*
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1


@ -8778,7 +8778,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
<refsect1> <refsect1>
<title>Scope Unit Objects</title> <title>Scope Unit Objects</title>
<para>All scope unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename> <para>All slice unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
interface (described here) in addition to the generic interface (described here) in addition to the generic
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para> <interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>


@ -34,7 +34,6 @@ static int help(int argc, char *argv[], void *userdata) {
printf("%s [OPTIONS...] COMMAND\n" printf("%s [OPTIONS...] COMMAND\n"
"\n%sMark the boot process as good or bad.%s\n" "\n%sMark the boot process as good or bad.%s\n"
"\nCommands:\n" "\nCommands:\n"
" status Show status of current boot loader entry\n"
" good Mark this boot as good\n" " good Mark this boot as good\n"
" bad Mark this boot as bad\n" " bad Mark this boot as bad\n"
" indeterminate Undo any marking as good or bad\n" " indeterminate Undo any marking as good or bad\n"


@ -46,7 +46,7 @@ int print_qr_code(
_cleanup_(dlclosep) void *dl = NULL; _cleanup_(dlclosep) void *dl = NULL;
_cleanup_free_ char *url = NULL; _cleanup_free_ char *url = NULL;
_cleanup_fclose_ FILE *f = NULL; _cleanup_fclose_ FILE *f = NULL;
size_t url_size = 0; size_t url_size = 0, i;
unsigned x, y; unsigned x, y;
QRcode* qr; QRcode* qr;
int r; int r;
@ -79,7 +79,7 @@ int print_qr_code(
fputs("fss://", f); fputs("fss://", f);
for (size_t i = 0; i < seed_size; i++) { for (i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0) if (i > 0 && i % 3 == 0)
fputc('-', f); fputc('-', f);
fprintf(f, "%02x", ((uint8_t*) seed)[i]); fprintf(f, "%02x", ((uint8_t*) seed)[i]);
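Review bot: The seed bytes formatted by `fprintf(f, "%02x", ((uint8_t*) seed)[i]);` end up in `url`, which is declared `_cleanup_free_` and is therefore released without being wiped. The seed is the secret verification key, so the buffer should be erased before it is freed, for example `_cleanup_(erase_and_freep) char *url = NULL;` if that helper is available in this tree. This assumes `f` is a memory stream backed by `url`/`url_size`, which the hunks do not show. print_qr_code's body continues outside both hunks.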


@ -1790,7 +1790,7 @@ static int add_syslog_identifier(sd_journal *j) {
static int setup_keys(void) { static int setup_keys(void) {
#if HAVE_GCRYPT #if HAVE_GCRYPT
size_t mpk_size, seed_size, state_size; size_t mpk_size, seed_size, state_size, i;
_cleanup_(unlink_and_freep) char *k = NULL; _cleanup_(unlink_and_freep) char *k = NULL;
_cleanup_free_ char *p = NULL; _cleanup_free_ char *p = NULL;
uint8_t *mpk, *seed, *state; uint8_t *mpk, *seed, *state;
@ -1902,49 +1902,52 @@ static int setup_keys(void) {
k = mfree(k); k = mfree(k);
_cleanup_free_ char *hn = NULL;
if (on_tty()) { if (on_tty()) {
hn = gethostname_malloc();
if (hn)
hostname_cleanup(hn);
char tsb[FORMAT_TIMESPAN_MAX];
fprintf(stderr, fprintf(stderr,
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
"\n" "\n"
"The %ssecret sealing key%s has been written to the following local file.\n" "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
"This key file is automatically updated when the sealing key is advanced.\n" "the following local file. This key file is automatically updated when the\n"
"It should not be used on multiple hosts.\n" "sealing key is advanced. It should not be used on multiple hosts.\n"
"\n" "\n"
"\t%s\n" "\t%s\n"
"\n" "\n"
"The sealing key is automatically changed every %s.\n"
"\n"
"Please write down the following %ssecret verification key%s. It should be stored\n" "Please write down the following %ssecret verification key%s. It should be stored\n"
"in a safe location and should not be saved locally on disk.\n" "at a safe location and should not be saved locally on disk.\n"
"\n\t%s", "\n\t%s",
hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine),
ansi_highlight(), ansi_normal(), ansi_highlight(), ansi_normal(),
p, p,
format_timespan(tsb, sizeof(tsb), arg_interval, 0),
ansi_highlight(), ansi_normal(), ansi_highlight(), ansi_normal(),
ansi_highlight_red()); ansi_highlight_red());
fflush(stderr); fflush(stderr);
} }
for (i = 0; i < seed_size; i++) {
for (size_t i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0) if (i > 0 && i % 3 == 0)
putchar('-'); putchar('-');
printf("%02x", ((uint8_t*) seed)[i]); printf("%02x", ((uint8_t*) seed)[i]);
} }
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval); printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
if (on_tty()) { if (on_tty()) {
fprintf(stderr, "%s", ansi_normal()); _cleanup_free_ char *hn = NULL;
char tsb[FORMAT_TIMESPAN_MAX];
fprintf(stderr,
"%s\n"
"The sealing key is automatically changed every %s.\n",
ansi_normal(),
format_timespan(tsb, sizeof(tsb), arg_interval, 0));
hn = gethostname_malloc();
if (hn) {
hostname_cleanup(hn);
fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
} else
fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
#if HAVE_QRENCODE #if HAVE_QRENCODE
(void) print_qr_code(stderr, (void) print_qr_code(stderr,
"\nTo transfer the verification key to your phone scan the QR code below:\n", "\nTo transfer the verification key to your phone please scan the QR code below:\n\n",
seed, seed_size, seed, seed_size,
n, arg_interval, n, arg_interval,
hn, machine); hn, machine);
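Review bot: The verification key is written to stdout by the `printf("%02x", ...)` loop and the following `printf("/%llx-%llx\n", ...)` with no check that the writes succeeded, and this happens after `k = mfree(k);` has apparently disarmed the unlink-on-failure cleanup for the sealing key file. If stdout is closed or the write fails, setup_keys would leave a sealing key on disk whose verification key was never delivered, with no error reported. Consider adding `if (fflush(stdout) != 0 || ferror(stdout)) return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to write verification key.");` after the final printf. The function starts and ends outside the hunk, so the exact error path should follow what the rest of setup_keys uses.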


@ -487,7 +487,7 @@ static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Link
r = sd_netlink_message_get_errno(m); r = sd_netlink_message_get_errno(m);
if (r < 0 && r != -EADDRNOTAVAIL) if (r < 0 && r != -EADDRNOTAVAIL)
log_link_message_warning_errno(link, m, r, "Could not drop address"); log_link_message_warning_errno(link, m, r, "Could not drop address");
else if (r >= 0) else
(void) manager_rtnl_process_address(rtnl, m, link->manager); (void) manager_rtnl_process_address(rtnl, m, link->manager);
return 1; return 1;
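Review bot: With the branch reduced to a bare `else`, a reply carrying `-EADDRNOTAVAIL` now falls through to `manager_rtnl_process_address(rtnl, m, link->manager)`, so an error reply is handed to the address-processing path as if it were a successful notification. Only the non-negative case should reach that call, so the condition should stay explicit as `else if (r >= 0)`. This reads the right-hand column as the new side. address_remove_handler begins before the hunk.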


@ -1365,14 +1365,7 @@ static int link_request_set_addresses(Link *link) {
assert(link->network); assert(link->network);
assert(link->state != _LINK_STATE_INVALID); assert(link->state != _LINK_STATE_INVALID);
if (link->address_remove_messages != 0) {
log_link_debug(link, "Removing old addresses, new addresses will be configured later.");
link->request_static_addresses = true;
return 0;
}
/* Reset all *_configured flags we are configuring. */ /* Reset all *_configured flags we are configuring. */
link->request_static_addresses = false;
link->addresses_configured = false; link->addresses_configured = false;
link->addresses_ready = false; link->addresses_ready = false;
link->neighbors_configured = false; link->neighbors_configured = false;
@ -2891,35 +2884,6 @@ static int link_drop_foreign_config(Link *link) {
return 0; return 0;
} }
static int remove_static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
int r;
assert(m);
assert(link);
assert(link->ifname);
assert(link->address_remove_messages > 0);
link->address_remove_messages--;
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
return 1;
r = sd_netlink_message_get_errno(m);
if (r < 0 && r != -EADDRNOTAVAIL)
log_link_message_warning_errno(link, m, r, "Could not drop address");
else if (r >= 0)
(void) manager_rtnl_process_address(rtnl, m, link->manager);
if (link->address_remove_messages == 0 && link->request_static_addresses) {
link_set_state(link, LINK_STATE_CONFIGURING);
r = link_request_set_addresses(link);
if (r < 0)
link_enter_failed(link);
}
return 1;
}
static int link_drop_config(Link *link) { static int link_drop_config(Link *link) {
Address *address, *pool_address; Address *address, *pool_address;
Neighbor *neighbor; Neighbor *neighbor;
@ -2932,20 +2896,19 @@ static int link_drop_config(Link *link) {
if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1 && link_ipv6ll_enabled(link)) if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1 && link_ipv6ll_enabled(link))
continue; continue;
r = address_remove(address, link, remove_static_address_handler); r = address_remove(address, link, NULL);
if (r < 0) if (r < 0)
return r; return r;
link->address_remove_messages++;
/* If this address came from an address pool, clean up the pool */ /* If this address came from an address pool, clean up the pool */
LIST_FOREACH(addresses, pool_address, link->pool_addresses) LIST_FOREACH(addresses, pool_address, link->pool_addresses) {
if (address_equal(address, pool_address)) { if (address_equal(address, pool_address)) {
LIST_REMOVE(addresses, link->pool_addresses, pool_address); LIST_REMOVE(addresses, link->pool_addresses, pool_address);
address_free(pool_address); address_free(pool_address);
break; break;
} }
} }
}
SET_FOREACH(neighbor, link->neighbors, i) { SET_FOREACH(neighbor, link->neighbors, i) {
r = neighbor_remove(neighbor, link, NULL); r = neighbor_remove(neighbor, link, NULL);
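Review bot: link_drop_config now calls `address_remove(address, link, NULL)` with no reply handler, and link_request_set_addresses no longer waits for outstanding removals, so nothing visible in these hunks orders the removal of old addresses before new ones are requested. If address_remove is asynchronous (it accepts a netlink callback, so it presumably is), a late removal could hit an address that has just been configured again when the old and new configuration overlap. Either keep a pending-removal counter that defers the request, or record the assumption at the call site with a comment such as `/* Removals are fire-and-forget: a later link_request_set_addresses() may race with them. */`. Both functions extend beyond the hunks shown.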


@ -75,7 +75,6 @@ typedef struct Link {
LinkAddressState address_state; LinkAddressState address_state;
unsigned address_messages; unsigned address_messages;
unsigned address_remove_messages;
unsigned address_label_messages; unsigned address_label_messages;
unsigned neighbor_messages; unsigned neighbor_messages;
unsigned route_messages; unsigned route_messages;
@ -112,7 +111,6 @@ typedef struct Link {
sd_ipv4ll *ipv4ll; sd_ipv4ll *ipv4ll;
bool ipv4ll_address_configured:1; bool ipv4ll_address_configured:1;
bool request_static_addresses:1;
bool addresses_configured:1; bool addresses_configured:1;
bool addresses_ready:1; bool addresses_ready:1;
bool neighbors_configured:1; bool neighbors_configured:1;


@ -63,7 +63,6 @@ static void* open_handle(const char *dir, const char *module, int flags) {
if (!path || access(path, F_OK) < 0) if (!path || access(path, F_OK) < 0)
path = strjoina("libnss_", module, ".so.2"); path = strjoina("libnss_", module, ".so.2");
log_debug("Using %s", path);
handle = dlopen(path, flags); handle = dlopen(path, flags);
if (!handle) if (!handle)
log_error("Failed to load module %s: %s", module, dlerror()); log_error("Failed to load module %s: %s", module, dlerror());
@ -71,9 +70,10 @@ static void* open_handle(const char *dir, const char *module, int flags) {
} }
static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) { static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) {
const struct gaih_addrtuple *it;
int n = 0; int n = 0;
for (const struct gaih_addrtuple *it = tuples; it; it = it->next) { for (it = tuples; it; it = it->next) {
_cleanup_free_ char *a = NULL; _cleanup_free_ char *a = NULL;
union in_addr_union u; union in_addr_union u;
int r; int r;
@ -147,10 +147,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
fname = strjoina("_nss_", module, "_gethostbyname4_r"); fname = strjoina("_nss_", module, "_gethostbyname4_r");
f = dlsym(handle, fname); f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f); log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
if (!f) { assert_se(f);
log_info("%s not defined", fname);
return;
}
status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl); status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl);
if (status == NSS_STATUS_SUCCESS) { if (status == NSS_STATUS_SUCCESS) {
@ -200,10 +197,7 @@ static void test_gethostbyname3_r(void *handle, const char *module, const char *
fname = strjoina("_nss_", module, "_gethostbyname3_r"); fname = strjoina("_nss_", module, "_gethostbyname3_r");
f = dlsym(handle, fname); f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f); log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
if (!f) { assert_se(f);
log_info("%s not defined", fname);
return;
}
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon); status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon);
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32, log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32,
@ -229,10 +223,7 @@ static void test_gethostbyname2_r(void *handle, const char *module, const char *
fname = strjoina("_nss_", module, "_gethostbyname2_r"); fname = strjoina("_nss_", module, "_gethostbyname2_r");
f = dlsym(handle, fname); f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f); log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
if (!f) { assert_se(f);
log_info("%s not defined", fname);
return;
}
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2); status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2);
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s", log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s",
@ -256,10 +247,7 @@ static void test_gethostbyname_r(void *handle, const char *module, const char *n
fname = strjoina("_nss_", module, "_gethostbyname_r"); fname = strjoina("_nss_", module, "_gethostbyname_r");
f = dlsym(handle, fname); f = dlsym(handle, fname);
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f); log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
if (!f) { assert_se(f);
log_info("%s not defined", fname);
return;
}
status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2); status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2);
log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s", log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s",
@ -291,10 +279,8 @@ static void test_gethostbyaddr2_r(void *handle,
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno, log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f); "dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
if (!f) { if (!f)
log_info("%s not defined", fname);
return; return;
}
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0); assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
@ -328,10 +314,8 @@ static void test_gethostbyaddr_r(void *handle,
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno, log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f); "dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
if (!f) { if (!f)
log_info("%s not defined", fname);
return; return;
}
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0); assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
@ -411,6 +395,7 @@ static int test_one_module(const char *dir,
int n_addresses) { int n_addresses) {
void *handle; void *handle;
char **name; char **name;
int i;
log_info("======== %s ========", module); log_info("======== %s ========", module);
@ -421,7 +406,7 @@ static int test_one_module(const char *dir,
STRV_FOREACH(name, names) STRV_FOREACH(name, names)
test_byname(handle, module, *name); test_byname(handle, module, *name);
for (int i = 0; i < n_addresses; i++) for (i = 0; i < n_addresses; i++)
test_byaddr(handle, module, test_byaddr(handle, module,
&addresses[i].address, &addresses[i].address,
FAMILY_ADDRESS_SIZE(addresses[i].family), FAMILY_ADDRESS_SIZE(addresses[i].family),
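Review bot: `assert_se(f);` after each `dlsym()` in test_gethostbyname4_r, test_gethostbyname3_r, test_gethostbyname2_r and test_gethostbyname_r aborts the whole test when a module does not export that entry point, while test_gethostbyaddr2_r and test_gethostbyaddr_r in the same file treat a missing symbol as a skip. NSS modules are not required to implement every variant, so the lookup tests should skip the same way with `if (!f) return;`, ideally after logging `fname`. Separately, open_handle falls back to the bare soname built by `strjoina("libnss_", module, ".so.2")`, which the dynamic loader resolves through its search path. With `log_debug("Using %s", path);` removed, the test output no longer records which library was actually loaded.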


@ -98,6 +98,9 @@ static void test_syscall_filter_set_find(void) {
} }
static void test_filter_sets(void) { static void test_filter_sets(void) {
unsigned i;
int r;
log_info("/* %s */", __func__); log_info("/* %s */", __func__);
if (!is_seccomp_available()) { if (!is_seccomp_available()) {
@ -109,7 +112,7 @@ static void test_filter_sets(void) {
return; return;
} }
for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) { for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
pid_t pid; pid_t pid;
log_info("Testing %s", syscall_filter_sets[i].name); log_info("Testing %s", syscall_filter_sets[i].name);
@ -118,7 +121,7 @@ static void test_filter_sets(void) {
assert_se(pid >= 0); assert_se(pid >= 0);
if (pid == 0) { /* Child? */ if (pid == 0) { /* Child? */
int fd, r; int fd;
/* If we look at the default set (or one that includes it), allow-list instead of deny-list */ /* If we look at the default set (or one that includes it), allow-list instead of deny-list */
if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE)) if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
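Review bot: Hoisting `int r;` to the top of test_filter_sets gives it function scope although, in the lines shown, it was previously declared only inside the `if (pid == 0)` child branch; `unsigned i;` is likewise only the loop counter. Keeping both at their narrowest scope, `for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++)` and `int fd, r;` in the child, means the parent cannot read a stale or uninitialized value after the fork. The same widening of loop counters appears in the print_qr_code, setup_keys, print_gaih_addrtuples and test_one_module hunks. The function body continues outside these hunks, so there may be other uses of `r` that are not visible here.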