Compare commits
No commits in common. "3f64046cdab77d1c49af6f361d596e78a597873a" and "a8c9824d2a98116cbd6e5689355894158eb73a57" have entirely different histories.
3f64046cda
...
a8c9824d2a
|
@ -10,11 +10,12 @@ systemd provides support for automatically reverting back to the previous
|
|||
version of the OS or kernel in case the system consistently fails to boot. This
|
||||
support is built into various of its components. When used together these
|
||||
components provide a complete solution on UEFI systems, built as add-on to the
|
||||
[Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION).
|
||||
However, the different components may also be used independently, and in
|
||||
combination with other software, to implement similar schemes, for example with
|
||||
other boot loaders or for non-UEFI systems. Here's a brief overview of the
|
||||
complete set of components:
|
||||
[Boot Loader
|
||||
Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). However, the
|
||||
different components may also be used independently, and in combination with
|
||||
other software, to implement similar schemes, for example with other boot
|
||||
loaders or for non-UEFI systems. Here's a brief overview of the complete set of
|
||||
components:
|
||||
|
||||
* The
|
||||
[`systemd-boot(7)`](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)
|
||||
|
@ -44,10 +45,11 @@ complete set of components:
|
|||
|
||||
* The `boot-complete.target` target unit (see
|
||||
[`systemd.special(7)`](https://www.freedesktop.org/software/systemd/man/systemd.special.html))
|
||||
serves as a generic extension point both for units that are necessary to
|
||||
consider a boot successful (example: `systemd-boot-check-no-failures.service`
|
||||
as described above), and units that want to act only if the boot is
|
||||
successful (example: `systemd-bless-boot.service` as described above).
|
||||
serves as a generic extension point both for units that shall be considered
|
||||
necessary to consider a boot successful on one side (example:
|
||||
`systemd-boot-check-no-failures.service` as described above), and units that
|
||||
want to act only if the boot is successful on the other (example:
|
||||
`systemd-bless-boot.service` as described above).
|
||||
|
||||
* The
|
||||
[`kernel-install(8)`](https://www.freedesktop.org/software/systemd/man/kernel-install.html)
|
||||
|
|
|
@ -111,7 +111,6 @@ sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100CHI*
|
|||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT300CHI*
|
||||
ACCEL_MOUNT_MATRIX=0, -1, 0; 1, 0, 0; 0, 0, 1
|
||||
|
||||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnM80TA*
|
||||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA*
|
||||
sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:pnT200TA*
|
||||
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
||||
|
|
|
@ -8778,7 +8778,7 @@ node /org/freedesktop/systemd1/unit/system_2eslice {
|
|||
<refsect1>
|
||||
<title>Scope Unit Objects</title>
|
||||
|
||||
<para>All scope unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
|
||||
<para>All slice unit objects implement the <interfacename>org.freedesktop.systemd1.Scope</interfacename>
|
||||
interface (described here) in addition to the generic
|
||||
<interfacename>org.freedesktop.systemd1.Unit</interfacename> interface (see above).</para>
|
||||
|
||||
|
|
|
@ -34,7 +34,6 @@ static int help(int argc, char *argv[], void *userdata) {
|
|||
printf("%s [OPTIONS...] COMMAND\n"
|
||||
"\n%sMark the boot process as good or bad.%s\n"
|
||||
"\nCommands:\n"
|
||||
" status Show status of current boot loader entry\n"
|
||||
" good Mark this boot as good\n"
|
||||
" bad Mark this boot as bad\n"
|
||||
" indeterminate Undo any marking as good or bad\n"
|
||||
|
|
|
@ -46,7 +46,7 @@ int print_qr_code(
|
|||
_cleanup_(dlclosep) void *dl = NULL;
|
||||
_cleanup_free_ char *url = NULL;
|
||||
_cleanup_fclose_ FILE *f = NULL;
|
||||
size_t url_size = 0;
|
||||
size_t url_size = 0, i;
|
||||
unsigned x, y;
|
||||
QRcode* qr;
|
||||
int r;
|
||||
|
@ -79,7 +79,7 @@ int print_qr_code(
|
|||
|
||||
fputs("fss://", f);
|
||||
|
||||
for (size_t i = 0; i < seed_size; i++) {
|
||||
for (i = 0; i < seed_size; i++) {
|
||||
if (i > 0 && i % 3 == 0)
|
||||
fputc('-', f);
|
||||
fprintf(f, "%02x", ((uint8_t*) seed)[i]);
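Review bot: The loop counter `i` is moved out of the `for` statement into the function-wide declaration `size_t url_size = 0, i;` in print_qr_code, which widens its scope for no visible benefit. Keeping `for (size_t i = 0; i < seed_size; i++) {` confines the index to the loop that writes the seed bytes and rules out accidental reuse later in the function. The same pattern appears in the setup_keys, print_gaih_addrtuples, test_one_module and test_filter_sets hunks further down this page. print_qr_code starts and ends outside these hunks, so other uses of `i` cannot be ruled out from here.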
|
||||
|
|
|
@ -1790,7 +1790,7 @@ static int add_syslog_identifier(sd_journal *j) {
|
|||
|
||||
static int setup_keys(void) {
|
||||
#if HAVE_GCRYPT
|
||||
size_t mpk_size, seed_size, state_size;
|
||||
size_t mpk_size, seed_size, state_size, i;
|
||||
_cleanup_(unlink_and_freep) char *k = NULL;
|
||||
_cleanup_free_ char *p = NULL;
|
||||
uint8_t *mpk, *seed, *state;
|
||||
|
@ -1902,49 +1902,52 @@ static int setup_keys(void) {
|
|||
|
||||
k = mfree(k);
|
||||
|
||||
_cleanup_free_ char *hn = NULL;
|
||||
|
||||
if (on_tty()) {
|
||||
hn = gethostname_malloc();
|
||||
if (hn)
|
||||
hostname_cleanup(hn);
|
||||
|
||||
char tsb[FORMAT_TIMESPAN_MAX];
|
||||
fprintf(stderr,
|
||||
"\nNew keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n"
|
||||
"\n"
|
||||
"The %ssecret sealing key%s has been written to the following local file.\n"
|
||||
"This key file is automatically updated when the sealing key is advanced.\n"
|
||||
"It should not be used on multiple hosts.\n"
|
||||
"The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
|
||||
"the following local file. This key file is automatically updated when the\n"
|
||||
"sealing key is advanced. It should not be used on multiple hosts.\n"
|
||||
"\n"
|
||||
"\t%s\n"
|
||||
"\n"
|
||||
"The sealing key is automatically changed every %s.\n"
|
||||
"\n"
|
||||
"Please write down the following %ssecret verification key%s. It should be stored\n"
|
||||
"in a safe location and should not be saved locally on disk.\n"
|
||||
"at a safe location and should not be saved locally on disk.\n"
|
||||
"\n\t%s",
|
||||
hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine),
|
||||
ansi_highlight(), ansi_normal(),
|
||||
p,
|
||||
format_timespan(tsb, sizeof(tsb), arg_interval, 0),
|
||||
ansi_highlight(), ansi_normal(),
|
||||
ansi_highlight_red());
|
||||
fflush(stderr);
|
||||
}
|
||||
|
||||
for (size_t i = 0; i < seed_size; i++) {
|
||||
for (i = 0; i < seed_size; i++) {
|
||||
if (i > 0 && i % 3 == 0)
|
||||
putchar('-');
|
||||
printf("%02x", ((uint8_t*) seed)[i]);
|
||||
}
|
||||
|
||||
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
|
||||
|
||||
if (on_tty()) {
|
||||
fprintf(stderr, "%s", ansi_normal());
|
||||
_cleanup_free_ char *hn = NULL;
|
||||
char tsb[FORMAT_TIMESPAN_MAX];
|
||||
|
||||
fprintf(stderr,
|
||||
"%s\n"
|
||||
"The sealing key is automatically changed every %s.\n",
|
||||
ansi_normal(),
|
||||
format_timespan(tsb, sizeof(tsb), arg_interval, 0));
|
||||
|
||||
hn = gethostname_malloc();
|
||||
if (hn) {
|
||||
hostname_cleanup(hn);
|
||||
fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
|
||||
} else
|
||||
fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
|
||||
|
||||
#if HAVE_QRENCODE
|
||||
(void) print_qr_code(stderr,
|
||||
"\nTo transfer the verification key to your phone scan the QR code below:\n",
|
||||
"\nTo transfer the verification key to your phone please scan the QR code below:\n\n",
|
||||
seed, seed_size,
|
||||
n, arg_interval,
|
||||
hn, machine);
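Review bot: The host line in setup_keys is now printed by two nearly identical `fprintf()` calls in an `if (hn) … else` pair, so the message text has to be kept in sync in two places. One call covers both cases: `fprintf(stderr, "\nThe keys have been generated for host %s%s" SD_ID128_FORMAT_STR ".\n", hn ?: "", hn ? "/" : "", SD_ID128_FORMAT_VAL(machine));`. setup_keys begins and ends outside the hunks shown.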
|
||||
|
|
|
@ -487,7 +487,7 @@ static int address_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, Link
|
|||
r = sd_netlink_message_get_errno(m);
|
||||
if (r < 0 && r != -EADDRNOTAVAIL)
|
||||
log_link_message_warning_errno(link, m, r, "Could not drop address");
|
||||
else if (r >= 0)
|
||||
else
|
||||
(void) manager_rtnl_process_address(rtnl, m, link->manager);
|
||||
|
||||
return 1;
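Review bot: With `else if (r >= 0)` reduced to a bare `else` in address_remove_handler, a reply carrying -EADDRNOTAVAIL now also reaches `manager_rtnl_process_address()`, so an error reply is handed to a routine that previously only saw successful ones. What that routine does with an error message is not visible in this hunk, but the condition should probably stay explicit: `else if (r >= 0)`. If forwarding the -EADDRNOTAVAIL reply is intended, a comment saying so above the `else` would help. The function starts outside the hunk.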
|
||||
|
|
|
@ -1365,14 +1365,7 @@ static int link_request_set_addresses(Link *link) {
|
|||
assert(link->network);
|
||||
assert(link->state != _LINK_STATE_INVALID);
|
||||
|
||||
if (link->address_remove_messages != 0) {
|
||||
log_link_debug(link, "Removing old addresses, new addresses will be configured later.");
|
||||
link->request_static_addresses = true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Reset all *_configured flags we are configuring. */
|
||||
link->request_static_addresses = false;
|
||||
link->addresses_configured = false;
|
||||
link->addresses_ready = false;
|
||||
link->neighbors_configured = false;
|
||||
|
@ -2891,35 +2884,6 @@ static int link_drop_foreign_config(Link *link) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int remove_static_address_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) {
|
||||
int r;
|
||||
|
||||
assert(m);
|
||||
assert(link);
|
||||
assert(link->ifname);
|
||||
assert(link->address_remove_messages > 0);
|
||||
|
||||
link->address_remove_messages--;
|
||||
|
||||
if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER))
|
||||
return 1;
|
||||
|
||||
r = sd_netlink_message_get_errno(m);
|
||||
if (r < 0 && r != -EADDRNOTAVAIL)
|
||||
log_link_message_warning_errno(link, m, r, "Could not drop address");
|
||||
else if (r >= 0)
|
||||
(void) manager_rtnl_process_address(rtnl, m, link->manager);
|
||||
|
||||
if (link->address_remove_messages == 0 && link->request_static_addresses) {
|
||||
link_set_state(link, LINK_STATE_CONFIGURING);
|
||||
r = link_request_set_addresses(link);
|
||||
if (r < 0)
|
||||
link_enter_failed(link);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int link_drop_config(Link *link) {
|
||||
Address *address, *pool_address;
|
||||
Neighbor *neighbor;
|
||||
|
@ -2932,20 +2896,19 @@ static int link_drop_config(Link *link) {
|
|||
if (address->family == AF_INET6 && in_addr_is_link_local(AF_INET6, &address->in_addr) == 1 && link_ipv6ll_enabled(link))
|
||||
continue;
|
||||
|
||||
r = address_remove(address, link, remove_static_address_handler);
|
||||
r = address_remove(address, link, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
link->address_remove_messages++;
|
||||
|
||||
/* If this address came from an address pool, clean up the pool */
|
||||
LIST_FOREACH(addresses, pool_address, link->pool_addresses)
|
||||
LIST_FOREACH(addresses, pool_address, link->pool_addresses) {
|
||||
if (address_equal(address, pool_address)) {
|
||||
LIST_REMOVE(addresses, link->pool_addresses, pool_address);
|
||||
address_free(pool_address);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
SET_FOREACH(neighbor, link->neighbors, i) {
|
||||
r = neighbor_remove(neighbor, link, NULL);
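Review bot: link_drop_config now calls `address_remove(address, link, NULL)` and no longer counts outstanding removals, and the guard in link_request_set_addresses that postponed configuration until those removals were acknowledged is dropped with it. As far as these hunks show, nothing now orders an old address's removal against a new request for the same static address, so a reconfiguration may be able to race with its own cleanup; this is inferred, since the callers are not visible here. Either keep the completion tracking or document the assumption at the call site, for example `/* No reply handler: new addresses may be requested before this removal is acknowledged. */`. Both functions extend beyond the hunks shown.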
|
||||
|
|
|
@ -75,7 +75,6 @@ typedef struct Link {
|
|||
LinkAddressState address_state;
|
||||
|
||||
unsigned address_messages;
|
||||
unsigned address_remove_messages;
|
||||
unsigned address_label_messages;
|
||||
unsigned neighbor_messages;
|
||||
unsigned route_messages;
|
||||
|
@ -112,7 +111,6 @@ typedef struct Link {
|
|||
sd_ipv4ll *ipv4ll;
|
||||
bool ipv4ll_address_configured:1;
|
||||
|
||||
bool request_static_addresses:1;
|
||||
bool addresses_configured:1;
|
||||
bool addresses_ready:1;
|
||||
bool neighbors_configured:1;
|
||||
|
|
|
@ -54,7 +54,7 @@ static const char* af_to_string(int family, char *buf, size_t buf_len) {
|
|||
return buf;
|
||||
}
|
||||
|
||||
static void* open_handle(const char *dir, const char *module, int flags) {
|
||||
static void* open_handle(const char* dir, const char* module, int flags) {
|
||||
const char *path = NULL;
|
||||
void *handle;
|
||||
|
||||
|
@ -63,7 +63,6 @@ static void* open_handle(const char *dir, const char *module, int flags) {
|
|||
if (!path || access(path, F_OK) < 0)
|
||||
path = strjoina("libnss_", module, ".so.2");
|
||||
|
||||
log_debug("Using %s", path);
|
||||
handle = dlopen(path, flags);
|
||||
if (!handle)
|
||||
log_error("Failed to load module %s: %s", module, dlerror());
|
||||
|
@ -71,9 +70,10 @@ static void* open_handle(const char *dir, const char *module, int flags) {
|
|||
}
|
||||
|
||||
static int print_gaih_addrtuples(const struct gaih_addrtuple *tuples) {
|
||||
const struct gaih_addrtuple *it;
|
||||
int n = 0;
|
||||
|
||||
for (const struct gaih_addrtuple *it = tuples; it; it = it->next) {
|
||||
for (it = tuples; it; it = it->next) {
|
||||
_cleanup_free_ char *a = NULL;
|
||||
union in_addr_union u;
|
||||
int r;
|
||||
|
@ -147,10 +147,7 @@ static void test_gethostbyname4_r(void *handle, const char *module, const char *
|
|||
fname = strjoina("_nss_", module, "_gethostbyname4_r");
|
||||
f = dlsym(handle, fname);
|
||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||
if (!f) {
|
||||
log_info("%s not defined", fname);
|
||||
return;
|
||||
}
|
||||
assert_se(f);
|
||||
|
||||
status = f(name, &pat, buffer, sizeof buffer, &errno1, &errno2, &ttl);
|
||||
if (status == NSS_STATUS_SUCCESS) {
|
||||
|
@ -200,10 +197,7 @@ static void test_gethostbyname3_r(void *handle, const char *module, const char *
|
|||
fname = strjoina("_nss_", module, "_gethostbyname3_r");
|
||||
f = dlsym(handle, fname);
|
||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||
if (!f) {
|
||||
log_info("%s not defined", fname);
|
||||
return;
|
||||
}
|
||||
assert_se(f);
|
||||
|
||||
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2, &ttl, &canon);
|
||||
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s ttl=%"PRIi32,
|
||||
|
@ -229,10 +223,7 @@ static void test_gethostbyname2_r(void *handle, const char *module, const char *
|
|||
fname = strjoina("_nss_", module, "_gethostbyname2_r");
|
||||
f = dlsym(handle, fname);
|
||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||
if (!f) {
|
||||
log_info("%s not defined", fname);
|
||||
return;
|
||||
}
|
||||
assert_se(f);
|
||||
|
||||
status = f(name, af, &host, buffer, sizeof buffer, &errno1, &errno2);
|
||||
log_info("%s(\"%s\", %s) → status=%s%-20serrno=%d/%s h_errno=%d/%s",
|
||||
|
@ -256,10 +247,7 @@ static void test_gethostbyname_r(void *handle, const char *module, const char *n
|
|||
fname = strjoina("_nss_", module, "_gethostbyname_r");
|
||||
f = dlsym(handle, fname);
|
||||
log_debug("dlsym(0x%p, %s) → 0x%p", handle, fname, f);
|
||||
if (!f) {
|
||||
log_info("%s not defined", fname);
|
||||
return;
|
||||
}
|
||||
assert_se(f);
|
||||
|
||||
status = f(name, &host, buffer, sizeof buffer, &errno1, &errno2);
|
||||
log_info("%s(\"%s\") → status=%s%-20serrno=%d/%s h_errno=%d/%s",
|
||||
|
@ -291,10 +279,8 @@ static void test_gethostbyaddr2_r(void *handle,
|
|||
|
||||
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
|
||||
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
|
||||
if (!f) {
|
||||
log_info("%s not defined", fname);
|
||||
if (!f)
|
||||
return;
|
||||
}
|
||||
|
||||
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
|
||||
|
||||
|
@ -328,10 +314,8 @@ static void test_gethostbyaddr_r(void *handle,
|
|||
|
||||
log_full_errno(f ? LOG_DEBUG : LOG_INFO, errno,
|
||||
"dlsym(0x%p, %s) → 0x%p: %m", handle, fname, f);
|
||||
if (!f) {
|
||||
log_info("%s not defined", fname);
|
||||
if (!f)
|
||||
return;
|
||||
}
|
||||
|
||||
assert_se(in_addr_to_string(af, addr, &addr_pretty) >= 0);
|
||||
|
||||
|
@ -404,13 +388,14 @@ static int make_addresses(struct local_address **addresses) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int test_one_module(const char *dir,
|
||||
static int test_one_module(const char* dir,
|
||||
const char *module,
|
||||
char **names,
|
||||
struct local_address *addresses,
|
||||
int n_addresses) {
|
||||
void *handle;
|
||||
char **name;
|
||||
int i;
|
||||
|
||||
log_info("======== %s ========", module);
|
||||
|
||||
|
@ -421,7 +406,7 @@ static int test_one_module(const char *dir,
|
|||
STRV_FOREACH(name, names)
|
||||
test_byname(handle, module, *name);
|
||||
|
||||
for (int i = 0; i < n_addresses; i++)
|
||||
for (i = 0; i < n_addresses; i++)
|
||||
test_byaddr(handle, module,
|
||||
&addresses[i].address,
|
||||
FAMILY_ADDRESS_SIZE(addresses[i].family),
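Review bot: Replacing the `if (!f) { log_info("%s not defined", fname); return; }` branch with `assert_se(f);` in test_gethostbyname4_r makes the test abort when a module does not export the symbol, where it previously logged and moved on. The same substitution is made in test_gethostbyname3_r, test_gethostbyname2_r and test_gethostbyname_r, while test_gethostbyaddr2_r and test_gethostbyaddr_r still return quietly on a missing symbol, so the two groups now disagree. If all four by-name entry points are required of every module under test, say so in a comment next to the assertion; otherwise keep the early return. open_handle also loses `log_debug("Using %s", path);` ahead of `dlopen()`, which was the only record of which library file was actually loaded.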
|
||||
|
|
|
@ -98,6 +98,9 @@ static void test_syscall_filter_set_find(void) {
|
|||
}
|
||||
|
||||
static void test_filter_sets(void) {
|
||||
unsigned i;
|
||||
int r;
|
||||
|
||||
log_info("/* %s */", __func__);
|
||||
|
||||
if (!is_seccomp_available()) {
|
||||
|
@ -109,7 +112,7 @@ static void test_filter_sets(void) {
|
|||
return;
|
||||
}
|
||||
|
||||
for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
|
||||
for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
|
||||
pid_t pid;
|
||||
|
||||
log_info("Testing %s", syscall_filter_sets[i].name);
|
||||
|
@ -118,7 +121,7 @@ static void test_filter_sets(void) {
|
|||
assert_se(pid >= 0);
|
||||
|
||||
if (pid == 0) { /* Child? */
|
||||
int fd, r;
|
||||
int fd;
|
||||
|
||||
/* If we look at the default set (or one that includes it), allow-list instead of deny-list */
|
||||
if (IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE))
|
||||
|
|