Compare commits

...

127 Commits

Author SHA1 Message Date
Ondrej Kozina 5198a7d0af
Merge c91c6c2a47 into d8091e1281 2024-11-08 13:33:10 +08:00
Ryan Wilson d8091e1281 Fix PrivatePIDs=yes integration test for kernels with no /proc/scsi 2024-11-08 13:38:35 +09:00
Lennart Poettering 0df42ebcd6 sd-varlink: allow that method handles call sd_varlink_close()
It's fine if a method handler closes the connection, deal with it
gracefully.
2024-11-07 22:30:42 +01:00
Daan De Meyer 20c03ed72b
tree-wide: Introduce --certificate-source= option (#35057)
This allows loading the X.509 certificate from an OpenSSL provider
instead of a file system path. This allows loading certficates directly
from hardware tokens instead of having to export them to a file on
disk first.










































<!-- devel-freezer =
{"comment-id":"2460915782","freezing-tag":"v257-rc1"} -->
2024-11-07 21:51:00 +01:00
Daan De Meyer 64cc7ba517 ukify: Introduce --certificate-provider= option
This translates to --certificate-source=provider:<provider> for
signing tools invoked by ukify.
2024-11-07 20:33:08 +01:00
Daan De Meyer c4bc0fd6de measure: Add pcrpkey verb
This verb writes a public key to stdout extracted from either a public key
path, from a certificate (path or provider) or from a private key (path,
engine, provider). We'll use this in ukify to get rid of the use of the
python cryptography module to convert a private key or certificate to a
public key.
2024-11-07 20:33:08 +01:00
Daan De Meyer a1d46e3078 tree-wide: Introduce --certificate-source= option
This allows loading the X.509 certificate from an OpenSSL provider
instead of a file system path. This allows loading certficates directly
from hardware tokens instead of having to export them to a file on
disk first.
2024-11-07 20:30:47 +01:00
Daan De Meyer 5619a61829 openssl-util: Set expected object type to private keys
Configures the store to only try to fetch private keys and nothing
else.
2024-11-07 20:24:59 +01:00
Daan De Meyer 4047b99c00 bootctl: Validate private key path 2024-11-07 20:24:59 +01:00
Daan De Meyer 5cca978dae mkosi: Add pytest to tools 2024-11-07 20:24:59 +01:00
Yu Watanabe dd2bf3141b
Split and rename src/boot (#35068) 2024-11-08 04:13:45 +09:00
Vursc eb03dffd97 hwdb: fix broken numpad paren keys on Lenovo Thinkbook 16 G6+ 2024 2024-11-08 04:09:55 +09:00
Anselm Schueler 73f4882ef3 po: Translated using Weblate (German)
Currently translated at 89.8% (231 of 257 strings)

Co-authored-by: Anselm Schueler <mail@anselmschueler.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-07 15:48:31 +01:00
Zbigniew Jędrzejewski-Szmek 9a10d7eae5 github: adjust version number in templates
Most people are probably on stable releases, but we don't want to update the
minor version all the time, so just specify 256.x as a hint to fill in the
full version.
2024-11-07 15:39:30 +01:00
Zbigniew Jędrzejewski-Szmek 97318131fd Rename src/boot/efi to just src/boot
I very much dislike the approach in which we were mixing Linux and UEFI C code
in the same subdirectory. No code was shared between two environments. This
layout was created in e7dd673d1e, with the
justification of "being more consistent with the rest of systemd", but I don't
see how it's supposed to be so.

Originally, when the C code was just a single bootctl.c file, this wasn't so
bad. But over time the userspace code grew quite a bit. With the moves done in
previuos commits, the intermediate subdirectory is now empty except for the
efi/ subdir, and this additional subdirectory level doesn't have a good
justification. The components is called "systemd-boot", not "systemd-efi", and
we can remove one level of indentation.
2024-11-07 14:52:06 +01:00
Zbigniew Jędrzejewski-Szmek 5ffff673ac Move systemd-sbsign to its own source subdirectory
It's already two files, and I expect that more will come. It's nicer to give
its own subdirectory to maintain consistent structure.
2024-11-07 14:51:43 +01:00
Zbigniew Jędrzejewski-Szmek 1dabec0056 Move systemd-measure to its own source subdirectory
We have other subdirectories with just a single C file. And I expect
that systemd-measure will only grow over time, adding new functionality.
It's nicer to give its own subdirectory to maintain consistent structure.
2024-11-07 14:50:53 +01:00
Zbigniew Jędrzejewski-Szmek daf72e8df1 Move bless-boot components to their own source subdirectory 2024-11-07 14:50:41 +01:00
Zbigniew Jędrzejewski-Szmek 0b676aab33 Move bootctl to its own source subdirectory
It's been split into a bunch of files and deserves its own subdirectory
similarly to systemctl.
2024-11-07 14:15:00 +01:00
Luca Boccassi bb5936f7f3 man: fix typos flagged by Lintian 2024-11-07 18:51:21 +09:00
Yu Watanabe 869fe6c9e4
Translations update from Fedora Weblate (#35060) 2024-11-07 18:50:23 +09:00
Luca Boccassi 9a032ec55a test: fix assertion on build system
/* test_path_is_network_fs_harder */
src/test/test-mount-util.c:541: Assertion failed: expected "path_is_network_fs_harder("/")" to succeed but got the following error: Invalid argument

https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=all&ver=257%7Erc1-1&stamp=1730945197&raw=0

Follow-up for d49d95df0a
2024-11-07 18:48:44 +09:00
Oğuz Ersen 100ceecc6c po: Translated using Weblate (Turkish)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Oğuz Ersen <oguz@ersen.moe>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/tr/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Luna Jernberg af76e987e8 po: Translated using Weblate (Swedish)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Luna Jernberg <bittin@reimu.nl>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/sv/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Sergey A d73735fbe1 po: Translated using Weblate (Russian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Sergey A <Ser82-png@yandex.ru>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/ru/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Piotr Drąg 01aafdf637 po: Translated using Weblate (Polish)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Piotr Drąg <piotrdrag@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/pl/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Andika Triwidada 67c1f6bf04 po: Translated using Weblate (Indonesian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Andika Triwidada <andika@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/id/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Léane GRASSER b0cb4c70a9 po: Translated using Weblate (French)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Léane GRASSER <leane.grasser@proton.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Temuri Doghonadze e75d25ac1e po: Translated using Weblate (Georgian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/ka/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
김인수 d9b96bf093 po: Translated using Weblate (Korean)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: 김인수 <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/ko/
Translation: systemd/main
2024-11-07 10:48:25 +01:00
Antonio Alvarez Feijoo 215292d09e sbsign: remove unimplemented options 2024-11-07 09:47:50 +00:00
Yu Watanabe fed7857672 NEWS: fix typo
Follow-up for a6d7cc74d6.
2024-11-07 10:05:32 +09:00
Lennart Poettering c8d45ebfd6 update TODO 2024-11-06 22:19:01 +01:00
Lennart Poettering acc8bae0b3 NEWS: various cleanups 2024-11-06 22:18:55 +01:00
Lennart Poettering a6d7cc74d6 NEWS: various cleanups 2024-11-06 21:50:56 +01:00
Luca Boccassi d80d7a2f2a
docs: fix sbsign manpage syntax and add to list, update release instructions (#35055)
<!-- devel-freezer =
{"comment-id":"2460595245","freezing-tag":"v257-rc1"} -->
2024-11-06 20:18:43 +00:00
Luca Boccassi 088793239e docs: add reminder to run update-man-rules before tagging a release 2024-11-06 19:21:14 +00:00
Luca Boccassi 94a46c20da docs: remove 'v' prefix from meson.version
It is actually v-less
2024-11-06 19:20:00 +00:00
Luca Boccassi d6f4c96b10 man: run update-man-rules 2024-11-06 19:19:13 +00:00
Luca Boccassi 9e51b12e13 man: fix syntax error in systemd-sbsign.xml
Follow-up for 5f163921e9
2024-11-06 19:18:35 +00:00
Luca Boccassi d145d1d410 meson: update version numbers for 257~rc1 2024-11-06 16:58:14 +00:00
Luca Boccassi f10d1c679e NEWS: finalize 2024-11-06 16:58:14 +00:00
Luca Boccassi e1c8f3a8d9 NEWS: update list of contributors 2024-11-06 16:53:46 +00:00
Luca Boccassi 859634ea63 NEWS: add note about sd-sbsign 2024-11-06 16:49:42 +00:00
Luca Boccassi 4484cad6f3
Update hwdb and translations (#35048) 2024-11-06 16:42:11 +00:00
Daan De Meyer e5011dd239
Introduce systemd-sbsign to do secure boot signing (#35021)
Currently in mkosi and ukify we use sbsigntools to do secure boot
signing. This has multiple issues:

- sbsigntools is practically unmaintained, sbvarsign is completely
broken with the latest gnu-efi when built without -fshort-wchar and
upstream has completely ignored my bug report about this.
- sbsigntools only supports openssl engines and not the new providers
API.
- sbsigntools doesn't allow us to cache hardware token pins in the
kernel keyring like we do nowadays when we sign stuff ourselves in
systemd-repart or systemd-measure

There are alternative tools like sbctl and pesign but these do not
support caching hardware token pins in the kernel keyring either.

To get around the issues with sbsigntools, let's introduce our own
tool systemd-sbsign to do secure boot signing. This allows us to
take advantage of our own openssl infra so that hardware token pins
are cached in the kernel keyring as expected and we get openssl
provider support as well.
2024-11-06 17:38:10 +01:00
Luca Boccassi 66d044b560 Update NEWS for recent PRs 2024-11-06 15:50:59 +00:00
Michele Dionisio d865abf9eb networkd: add possibility to specify MulticastIGMPVersion 2024-11-06 15:50:27 +00:00
Luca Boccassi f72fe2d73c
Grammar and formatting for DeviceTree docs (#35050) 2024-11-06 15:13:18 +00:00
Luca Boccassi 839c37dc7f Update translations
ninja -C build systemd-pot
ninja -C build systemd-update-po
2024-11-06 14:42:31 +00:00
Luca Boccassi 8e152361e9 Update hwdb
ninja -C build update-hwdb
2024-11-06 14:41:26 +00:00
Daan De Meyer 65fbf3b194 ukify: Add --signing-provider= option 2024-11-06 15:18:46 +01:00
Léane GRASSER b8cb1bc983 po: Translated using Weblate (French)
Currently translated at 100.0% (253 of 253 strings)

Co-authored-by: Léane GRASSER <leane.grasser@proton.me>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/fr/
Translation: systemd/main
2024-11-06 15:07:28 +01:00
Zbigniew Jędrzejewski-Szmek 78ed1e973c docs/TPM2_PCR_MEASUREMENTS: drop quotes from around section titles
The section headers used quotes as if the strings were some constants. But
AFAICT, those are just normal plain-text titles. Also lowercase them, because
this is almost like a table and it's easier to read without capitalization.
2024-11-06 15:02:24 +01:00
Zbigniew Jędrzejewski-Szmek 265488414c tree-wide: use Device*T*ree spelling
We used both, in fact "Devicetree" was more common. But we have a general rule
that we capitalize all words in names and also we have a DeviceTree=
configuration setting, which we cannot change. If we use two different
spelllings, this will make it harder for people to use the correct one in
config files. So use the "DeviceTree" spelling everywhere.
2024-11-06 15:00:55 +01:00
Luca Boccassi d99fe076b5
introduce report_errno_and_exit() helper (#35028)
This is a follow for https://github.com/systemd/systemd/pull/34853. In
particular, this comment
https://github.com/systemd/systemd/pull/34853#discussion_r1825837705.
2024-11-06 13:51:10 +00:00
Yu Watanabe b66948bbf2 core/manager: silence false-positive warning by coverity
Follow-up for 406f177501.

Closes CID#1564897.
2024-11-06 13:47:33 +00:00
Luca Boccassi 4055529003
machine: introduce io.systemd.Machine.Open method (#34867)
This PR introduces io.systemd.Machine.Open method which combines three
DBus alternatives:
- OpenMachinePTY
- OpenMachineLogin
- OpenMachineShell

The PR contains basic tests.
2024-11-06 13:45:04 +00:00
Zbigniew Jędrzejewski-Szmek d0ab0e5fa5 pid1: stop refusing to boot with cgroup v1
Since v256 we completely fail to boot if v1 is configured. Fedora 41 was just
released with v256.7 and this is probably the first major exposure of users to
this code. It turns out not work very well. Fedora switched to v2 as default in
F31 (2019) and at that time some people added configuration to use v1 either
because of Docker or for other reasons. But it's been long enough ago that
people don't remember this and are now very unhappy when the system refuses to
boot after an upgrade.

Refusing to boot is also unnecessarilly punishing to users. For machines that
are used remotely, this could mean somebody needs to physically access the
machine. For other users, the machine might be the only way to access the net
and help, and people might not know how to set kernel parameters without some
docs. And because this is in systemd, after an upgrade all boot choices are
affected, and it's not possible to e.g. select an older kernel for boot. And
crashing the machine doesn't really serve our goal either: we were giving a
hint how to continue using v1 and nothing else.

If the new override is configured, warn and immediately boot to v1.
If v1 is configured w/o the override, warn and wait 30 s and boot to v2.
Also give a hint how to switch to v2.

https://bugzilla.redhat.com/show_bug.cgi?id=2323323
https://bugzilla.redhat.com/show_bug.cgi?id=2323345
https://bugzilla.redhat.com/show_bug.cgi?id=2322467
https://www.reddit.com/r/Fedora/comments/1gfcyw9/refusing_to_run_under_cgroup_01_sy_specified_on/

The advice is to set systemd.unified_cgroup_hierarchy=1 (instead of removing
systemd.unified_cgroup_hierarchy=0). I think this is easier to convey. Users
who are understand what is going on can just remove the option instead.

The caching is dropped in cg_is_legacy_wanted(). It turns out that the
order in which those functions are called during early setup is very fragile.
If cg_is_legacy_wanted() is called before we have set up the v2 hierarchy,
we incorrectly cache a true answer. The function is called just a handful
of times at most, so we don't really need to cache the response.
2024-11-06 13:43:25 +00:00
Zbigniew Jędrzejewski-Szmek bc11463e8e man/systemd-stub: rework the description of sections
The text added for .dtbauto/.hwids was very hard to grok. This rewords it to be
proper English. No semantic changes are intended.

When updating this, I noticed that the interaction of multi-profile UKIs and
dtb autoselection is very unclear, a FIXME is added.
2024-11-06 14:40:21 +01:00
Daan De Meyer d835c4476b ukify: Add support for systemd-sbsign 2024-11-06 14:01:33 +01:00
Daan De Meyer 8cbd9d8328 sbsign: Add validate-key verb
This verb checks that we can load the specified private key.
2024-11-06 14:01:09 +01:00
Daan De Meyer 5f163921e9 Introduce systemd-sbsign to do secure boot signing
Currently in mkosi and ukify we use sbsigntools to do secure boot
signing. This has multiple issues:

- sbsigntools is practically unmaintained, sbvarsign is completely
broken with the latest gnu-efi when built without -fshort-wchar and
upstream has completely ignored my bug report about this.
- sbsigntools only supports openssl engines and not the new providers
API.
- sbsigntools doesn't allow us to cache hardware token pins in the
kernel keyring like we do nowadays when we sign stuff ourselves in
systemd-repart or systemd-measure

There are alternative tools like sbctl and pesign but these do not
support caching hardware token pins in the kernel keyring either.

To get around the issues with sbsigntools, let's introduce our own
tool systemd-sbsign to do secure boot signing. This allows us to
take advantage of our own openssl infra so that hardware token pins
are cached in the kernel keyring as expected and we get openssl
provider support as well.
2024-11-06 14:00:49 +01:00
Ivan Kruglov 1e2cd07394 machine: tests for io.systemd.Machine.Open 2024-11-06 11:58:51 +01:00
Ivan Kruglov a686bedb88 machine: introduce io.systemd.Machine.Open method 2024-11-06 11:37:51 +01:00
Ivan Kruglov 7779d4944c json: introduce json_dispatch_strv_environment()
I just moved json_dispatch_environment() from src/shared/user-record.c
under name 'json_dispatch_strv_environment()' to shared json code.
2024-11-06 11:37:51 +01:00
Ivan Kruglov b0eca6dee0 machine: machine_default_shell_path() & machine_default_shell_args() helper functions 2024-11-06 11:37:51 +01:00
Ivan Kruglov 41f1f283d7 machine: introduce machine_start_getty() and machine_start_shell() helpers 2024-11-06 11:37:51 +01:00
Ivan Kruglov c0589b0227 use report_errno_and_exit() in src/core/exec-invoke.c 2024-11-06 11:18:38 +01:00
Ivan Kruglov 7022563b5b use report_errno_and_exit() in src/shared/elf-util.c 2024-11-06 11:18:38 +01:00
Ivan Kruglov 3d44b469f3 use report_errno_and_exit() in src/shared/dissect-image.c 2024-11-06 11:18:38 +01:00
Ivan Kruglov 9af164b71c use report_errno_and_exit() in src/shared/mount-util.c 2024-11-06 11:18:38 +01:00
Ivan Kruglov f72a64f352 use report_errno_and_exit() in src/shutdown/umount.c 2024-11-06 11:18:38 +01:00
Ivan Kruglov a567de392d process-util: introduce report_errno_and_exit() as part of src/basic/process-util.{h,c} 2024-11-06 11:18:38 +01:00
Yu Watanabe ea457d59e9 man/varlink: fix typo
Follow-up for 4f5fabe7a3.
2024-11-06 19:06:47 +09:00
Yu Watanabe 9dcf5c226e man/udev: fix typo
Follow-up for df8f9b88bd.
2024-11-06 19:06:40 +09:00
Zbigniew Jędrzejewski-Szmek f755ac99cb man/systemd-measure: add forgotten "="
Both syntaxes work, but let's use one syntax for consistency.

Fixup for 0641ce809a27cc1bc358924c26770f19d1213ec1.
2024-11-06 10:18:16 +01:00
Zbigniew Jędrzejewski-Szmek ad6a4bf09c man/systemd-measure: update to new ukify syntax, non-root operation
It's been a while, but systemd-measure doesn't need root, and
ukify has a more modern syntax.
2024-11-06 10:14:29 +01:00
Yu Watanabe df69f29728
network: reconfigure interface more gracefully (#35035)
split-out of #34989.
2024-11-06 17:57:56 +09:00
Lennart Poettering 682195a00a
UKI: Introduce `.dtbauto` sections (#34855)
Split out from #34158
2024-11-06 09:29:04 +01:00
Andres Beltran f348831d27 namespace-util: make idmapping not supported if syscalls return EPERM 2024-11-06 09:27:33 +01:00
Lennart Poettering 299b6c3c28
Various man page updates (#35032)
Fixes: #34996
Fixes: #15032
Fixes: #32751
Fixes: #33130
Fixes: #34735
Fixes: #34840
Fixes: #34949
2024-11-06 09:26:57 +01:00
Zbigniew Jędrzejewski-Szmek ddcdc6b365
mount-util: introduce path_is_network_fs_harder() and use it in networkd (#35040)
Closes #32426.
2024-11-06 08:39:24 +01:00
Lennart Poettering df8f9b88bd man: convert multiple left-over "See Also" sections to <simplelist>
These were forgotten during the initial conversion, probably because
most of them consisted only of a single entry.

Fix that.
2024-11-05 22:57:51 +01:00
Lennart Poettering 607d297487 man: link up D-Bus API docs from daemon man pages
Let's systematically make sure that we link up the D-Bus interfaces from
the daemon man pages once in prose and once in short form at the bottom
("See Also"), for all daemons.

Also, add reverse links at the bottom of the D-Bus API docs.

Fixes: #34996
2024-11-05 22:57:51 +01:00
Lennart Poettering 2f69ad26ca man: point people from sd-bus man page to busctl 2024-11-05 22:57:51 +01:00
Lennart Poettering 4f5fabe7a3 man: add brief entrypoint man page for sd-varlink
We have this in a similar fashion for the other APIs libsystemd
provides. Add the same for sd-varlink. There isn't too much on it for
now, but at least it's a start.

Also link it up everywhere.
2024-11-05 22:57:51 +01:00
Lennart Poettering ac804bc2f8 man: tone down claims on processes having exited already in ExecStop=
Processes can easily survive the first kill operation we execute, hence
we shouldn't make strong claims about them having exited already. Let's
just say "likely" hence.

Fixes: #15032
2024-11-05 22:57:51 +01:00
Lennart Poettering 5adc433799 man: document that .path units don't care for hidden files
Fixes: #32751
2024-11-05 22:57:51 +01:00
Lennart Poettering b711737096 man: document that PrivateTmp= is unaffected by ProtectSystem=strict
Fixes: #33130
2024-11-05 22:57:51 +01:00
Lennart Poettering 172ac39fc8 man: highlight the privilege issues around the LogControl1 more
Let's emphasize the privilege thing with a <caution> section.

Let's also point out that other D-Bus libraries are less restrictive
than sd-bus by default regarding permission access.

Fixes: #34735
2024-11-05 22:57:34 +01:00
anonymix007 73b1fbc777 man: Document stub behaviour for .hwids and .dtbauto sections 2024-11-06 00:47:04 +03:00
anonymix007 1d79f667f4 stub: Handle .dtbauto sections 2024-11-06 00:47:04 +03:00
anonymix007 4c0b7f4250 measure: Introduce .dtbauto support 2024-11-06 00:47:04 +03:00
anonymix007 630cf4e7da uki: add new .dtbauto PE section type
.dtbauto section contains DT blobs, just like .dtb, the difference is
that multiple .dtbauto sections are allowed to be in a UKI and only one
is selected automatically

Temporarily drop an assert_cc() check in systemd-measure to make it compilable before the next commit
2024-11-06 00:47:04 +03:00
anonymix007 763028a16c measure: introduce support for a .hwids section 2024-11-06 00:47:04 +03:00
anonymix007 c033267912 boot: Add .dtbauto section matching in PE section discovery against HWIDs and FW-provided DT 2024-11-06 00:46:57 +03:00
Lennart Poettering ecbe9ae5a0 man: don't claim SELinuxContext= only worked in the system service manager
Fixes: #34840
2024-11-05 22:42:38 +01:00
Lennart Poettering af080967ba man: document the timeout applied to /usr/lib/systemd/system-shutdown/ drop-in binaries
Fixes: #34949
2024-11-05 22:42:32 +01:00
Luca Boccassi 78b032d727 test: delete /swapfile after swapoff
[   23.608342] TEST-55-OOMD.sh[689]: + btrfs filesystem mkswapfile -s 64M /swapfile
[   23.651930] TEST-55-OOMD.sh[704]: ERROR: cannot create new swapfile: File exists
2024-11-06 05:02:57 +09:00
Ronan Pigott 57feaaece3 network: handle ENODATA better with DNR
It is normal for DHCP leases not to have DNR options. We need to be less
verbose and more forgiving in these cases. Also, if either DHCP does not
have DNR options, make sure to still consider any DHCPv6/RA options.

Fixes: c7c9e3c7c0 (network: adjust log message about DNR)
2024-11-06 05:01:55 +09:00
Yu Watanabe c0323de6ca network: use path_is_network_fs_harder()
Closes #32426.
2024-11-06 04:58:59 +09:00
Yu Watanabe d49d95df0a mount-util: introduce path_is_network_fs_harder()
It also detects e.g. glusterfs or mounts with "_netdev" option.
2024-11-06 04:58:55 +09:00
Zbigniew Jędrzejewski-Szmek 2257be13fe tree-wide: time-out → timeout
For justification, see 3f9a0a522f.
2024-11-05 19:32:19 +00:00
anonymix007 6bb76ab959 boot: Add HWID calculation from SMBIOS strings and matching against a built-in list 2024-11-05 22:29:58 +03:00
anonymix007 1c3a0a4b1f boot: Add firmware_devicetree_exists() 2024-11-05 22:29:58 +03:00
Diogo Ivo e6cb29fa0f boot: add matching against FW-provided Devicetree blob
Add support for matching the DT contained in a .dtb section of the
UKI image against the FW provided FDT or arbitrary compatible.
2024-11-05 22:29:40 +03:00
Daan De Meyer 0bf70b1984 openssl-util: Set default UI method instead of setting engine method
While for engines we have ENGINE_ctrl() to set the UI method for the
second PIN prompt, for openssl providers we don't have such a feature
which means we get the default openssl UI for the second pin prompt.

Instead, let's set the default UI method which does get used for the
second pin prompt by the pkcs11 provider.
2024-11-05 19:58:45 +01:00
Luca Boccassi 7af37f3a90
Add PrivatePIDs= (continued) (#34940) 2024-11-05 18:42:28 +00:00
Yu Watanabe 6e0c9b7dac network: introduce LINK_RECONFIGURE_CLEANLY flag
And use it when explicit reconfiguration is requested by Reconfigure() DBus method
or networkd certainly detects that connected network is changed.
Otherwise do not use the flag especially when we come back from sleep mode.
2024-11-06 02:05:00 +09:00
Yu Watanabe 451c2baf30 network: keep dynamic configurations as possible as we can on reconfigure
E.g. when a .network file is updated, but DHCP setting is unchanged, it
is not necessary to drop acquired DHCP lease.
So, let's not stop DHCP client and friends in link_reconfigure_impl(),
but stop them later when we know they are not necessary anymore.

Still DHCP clients and friends are stopped and leases are dropped when
the explicit reconfiguration is requested
2024-11-06 02:05:00 +09:00
Yu Watanabe dd6d53a8dc network: merge link_foreignize_config() and link_drop_foreign_config()
When a reconfiguration of an interface is triggered, previously we
call link_foreignize_config(), which sets all static configurations as
foreign, then later call link_drop_foreign_config(), which drops
unnecessary foreign configurations.

This commit merges these two steps into one, link_drop_unmanaged_config(),
which drops unnecessary static and foreign configurations.

Also, this renames link_drop_managed_configs() to
link_drop_static_config(), as it only drops static configurations.
Note that dynamically aquired configurations are dropped by
link_stop_engines().
2024-11-06 02:05:00 +09:00
Yu Watanabe 2b07a3211b network: several cleanups for link_reconfigure()
Effectively no functional changes, just refactoring and preparation for
later changes.

- convert boolean flag 'force' to LinkReconfigurationFlag enum,
- merge link_reconfigure() and reconfigure_handler_on_bus_method_reload() as
  link_reconfigure_full(),
- Rename ReconfigureData -> LinkReconfigurationData,
- make Reconfigure() DBus message wait for reconfiguration being
  started before sending reply.
2024-11-06 02:05:00 +09:00
Yu Watanabe 5a1ef6dffb network: split out link_enter_unmanaged() from link_reconfigure_impl()
No functional change, just refactoring.
2024-11-06 02:05:00 +09:00
Yu Watanabe f5834423b8
Translations update from Fedora Weblate (#35031) 2024-11-06 01:52:36 +09:00
Weblate Translation Memory df884b7de5 po: Translated using Weblate (German)
Currently translated at 90.9% (230 of 253 strings)

po: Translated using Weblate (German)

Currently translated at 89.3% (226 of 253 strings)

po: Translated using Weblate (German)

Currently translated at 88.9% (225 of 253 strings)

po: Translated using Weblate (German)

Currently translated at 88.1% (223 of 253 strings)

Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-05 14:50:15 +01:00
Ettore Atalan aa6e0bf4b0 po: Translated using Weblate (German)
Currently translated at 90.9% (230 of 253 strings)

po: Translated using Weblate (German)

Currently translated at 89.3% (226 of 253 strings)

po: Translated using Weblate (German)

Currently translated at 88.9% (225 of 253 strings)

po: Translated using Weblate (German)

Currently translated at 88.1% (223 of 253 strings)

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-05 14:50:15 +01:00
Lennart Poettering 9810899ef2 run: handle gracefully if we can't find binary client-side due to perms
Fixes: #35022
2024-11-05 13:41:20 +00:00
Daan De Meyer 406f177501 core: Introduce PrivatePIDs=
This new setting allows unsharing the pid namespace in a unit. Because
you have to fork to get a process into a pid namespace, we fork in
systemd-executor to get into the new pid namespace. The parent then
sends the pid of the child process back to the manager and exits while
the child process continues on with the rest of exec_invoke() and then
executes the actual payload.

Communicating the child pid is done via a new pidref socket pair that is
set up on manager startup.

We unshare the PID namespace right before the mount namespace so we
mount procfs correctly. Note PrivatePIDs=yes always implies MountAPIVFS=yes
to mount procfs.

When running unprivileged in a user session, user namespace is set up first
to allow for PID namespace to be unshared. However, when running in
privileged mode, we unshare the user namespace last to ensure the user
namespace does not own the PID namespace and cannot break out of the sandbox.

Note we disallow Type=forking services from using PrivatePIDs=yes since the
init proess inside the PID namespace must not exit for other processes in
the namespace to exist.

Note Daan De Meyer did the original work for this commit with Ryan Wilson
addressing follow-ups.

Co-authored-by: Daan De Meyer <daan.j.demeyer@gmail.com>
2024-11-05 05:32:02 -08:00
Daan De Meyer cf0238d854 pcrlock: Move pe_hash() and uki_hash() to pe-binary.h
Let's move these to shared so we can reuse pe_hash() in the upcoming
systemd-sbsign.
2024-11-05 14:26:21 +01:00
Daan De Meyer 48c5a4cd67 mkosi: Add ruff and mypy to tools tree packages 2024-11-05 14:26:21 +01:00
anonymix007 26060eb7a0 fundamental: Add HWID calculation 2024-11-05 14:48:43 +03:00
anonymix007 09f16de6d8 boot: Add xnew0
Same as xnew but initialized with zeros
2024-11-05 14:48:33 +03:00
Zbigniew Jędrzejewski-Szmek ee95e86ae1 resolved: log error messages for openssl/gnutls context creation
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.

Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
2024-11-05 11:59:29 +01:00
Daan De Meyer 89fdca7168 exec-invoke: Add debug logging for setup_private_users() 2024-11-04 09:19:36 -08:00
Ondrej Kozina c91c6c2a47 cryptsetup-generator: Add luks.link-volume-key= command line option.
This option adds link-volume-key= option to all configured LUKS
device activated by systemd-cryptsetup. The device unit may
origin in either crypttab file or kernel command line option.

The resulting link-volume-key= paramater replaces all eventually
added link-volume-key options added per device either in crypttab
file or kernel command line.

The value may be in following formats:

link-volume-key="@u" (all keys linked in the root user keyring, user type)
link-volume-key="@u::%logon" (all keys linked in the root user keyring, logon type)
link-volume-key="my_custom_keyring" (all keys linked in my_custom_keyring keyring, user type)
link-volume-key="my_custom_keyring::%logon" (all keys linked in my_custom_keyring keyring, logon type)

The referenced keyring (via keyring description) must exist
in advance of invoking device activation units.
2024-07-01 12:08:52 +02:00
Ondrej Kozina bca6c78daf cryptsetup: Extend link-volume-key option with automatic mode.
This patch adds support for linking volume key in a kernel key
with description derived from LUKS device uuid. The resulting
key description of the linked key is in following format:
systemd-cryptsetup:vk-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX-id#,
where 'X' represents uuid fields and '#' single integer character.

The new feature supports following formats applied to option value:

link-volume-key="@u" (key linked in the root user keyring, user type)
link-volume-key="@u::%logon" (key linked in the root user keyring, logon type)
link-volume-key="my_custom_keyring" (key linked in my_custom_keyring keyring, user type)
link-volume-key="my_custom_keyring::%logon" (key linked in my_custom_keyring keyring, logon type)

The referenced keyring (via keyring description) must exist
in advance of invoking device activation units.
2024-07-01 12:08:48 +02:00
352 changed files with 123062 additions and 118193 deletions

View File

@ -18,7 +18,7 @@ body:
If a distro build is used, please just paste the package version, e.g. `systemd-254.7-1.fc39.x86_64`.
See https://github.com/systemd/systemd-stable/tags for the list of most recent releases.
For older version please use distribution trackers (see https://systemd.io/CONTRIBUTING#filing-issues).
placeholder: '255'
placeholder: '256.x'
validations:
required: true

View File

@ -121,6 +121,6 @@ body:
attributes:
label: The systemd version you checked that didn't have the feature you are asking for
description: If this is not the most recently released upstream version, then please check first if it has that feature already.
placeholder: '255'
placeholder: '256.x'
validations:
required: false

View File

@ -69,6 +69,9 @@ The following exceptions apply:
* the following sources are under **Public Domain** (LicenseRef-alg-sha1-public-domain):
- src/fundamental/sha1-fundamental.c
- src/fundamental/sha1-fundamental.h
* the following files are licensed under **BSD-3-Clause** license:
- src/boot/efi/chid.c
- src/boot/efi/chid.h
* Heebo fonts under docs/fonts/ are licensed under the **SIL Open Font License 1.1**,
* any files under test/ without an explicit license we assume non-copyrightable
(eg: computer-generated fuzzer data)

412
NEWS
View File

@ -51,6 +51,12 @@ CHANGES WITH 257 in spe:
too many systems, because most NVMe devices only know a namespace 1
by default.
* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will ignore configuration
that enables them. To forcibly reenable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must additionally be set on the
kernel command line.
Announcements of Future Feature Removals:
* The D-Bus method org.freedesktop.systemd1.StartAuxiliaryScope() is
@ -64,11 +70,8 @@ CHANGES WITH 257 in spe:
will be phased out in a future release in 2025, i.e. we expect to bump
the minimum baseline to v5.4 then too.
* Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will refuse to boot under
it. To forcibly reenable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
line. The complete removal of cgroup v1 is scheduled for v258.
* The complete removal of support for cgroup v1 ('legacy' and 'hybrid'
hierarchies) is scheduled for v258.
* Support for System V service scripts is deprecated and will be
removed in v258. Please make sure to update your software
@ -100,37 +103,37 @@ CHANGES WITH 257 in spe:
libsystemd:
* systemd's JSON API is now available as public interface of libsystemd
under the name "sd-json". The purpose of the library is to allow
structures to be conveniently created in C code and serialized to
JSON, and for JSON to be conveniently deserialized into in-memory
structures, using callbacks to handle specific keys. Various data
types like integers, floats, booleans, strings, UUIDs, base64-encoded
and hex-encoded binary data, and arrays are supported natively. The
library has been part of systemd for a while as internal component,
and now being made publicly available, too. On major user of sd-json
is the JSON interface sd-varlink (see below). Note that documentation
on sd-json is very much incomplete for now, but the systemd codebase
should provide plenty code real-life code examples.
* systemd's JSON API is now available as public interface of
libsystemd, under the name "sd-json". The purpose of the library is
to allow structures to be conveniently created in C code and
serialized to JSON, and for JSON to be conveniently deserialized into
in-memory structures, using callbacks to handle specific
keys. Various data types like integers, floats, booleans, strings,
UUIDs, base64-encoded and hex-encoded binary data, and arrays are
supported natively. The library has been part of systemd for a while
as internal component, and is now made publicly available. One major
user of sd-json is sd-varlink (see below). Note that the
documentation of sd-json is very much incomplete for now, but the
systemd codebase provides plenty real-life code examples.
* libsystemd's Varlink IPC API is now available as part of libsystemd
* systemd's Varlink IPC API is now available as part of libsystemd,
under the name "sd-varlink". This library is a C implementation of
the Varlink IPC system (https://varlink.org/) that has been adopted
by systemd for various interfaces. It relies on the sd-json JSON
component, see above. Note that documentation on sd-varlink is very
much incomplete for now, but the systemd codebase should provide
plenty code real-life code examples.
component, see above. Note that the documentation of sd-varlink is
very much incomplete for now, but the systemd codebase provides
plenty real-life code examples.
* sd-bus gained a new call sd_bus_pending_method_calls() which returns
the number of currently open asynchronous method calls initiated on
this connection towards peers.
* sd-device gained a new call sd_device_monitor_is_running() that
returns whener the specified monitor object is already running. It
returns whether the specified monitor object is already running. It
also gained sd_device_monitor_get_fd(),
sd_device_monitor_get_events(), sd_device_monitor_get_timeout() and
sd_device_monitor_receive() to permit sd-device to run on a foreign
event loop implementation. It also gained
sd_device_monitor_receive() to permit sd-device to run on top of a
foreign event loop implementation. It also gained
sd_device_get_driver_subsystem() which returns the subsystem of
driver objects. The new sd_device_get_device_id() call returns a
short string identifying the device record.
@ -145,8 +148,9 @@ CHANGES WITH 257 in spe:
* Multipath TCP (MPTCP) is now supported as a socket protocol for
.socket units.
* New /etc/fstab option x-systemd.wants= creates "Wants" dependencies.
(This is similar to the previously available x-systemd.requires=.)
* A new /etc/fstab option x-systemd.wants= creates "Wants="
dependencies. (This is similar to the previously available
x-systemd.requires=.)
* The initialization of the system clock during boot and updates has
been simplified: both PID 1 or systemd-timesyncd will pick the latest
@ -158,17 +162,17 @@ CHANGES WITH 257 in spe:
shutdown, so that the user may use it to initiate a reboot if the
system freezes otherwise.
* The new unit option PrivateUsers=identity can be used to request a
user namespace with an identity mapping for the first 65536
UIDs/GIDs. This is analogous to the systemd-nspawn's
* The new value "identity" for the unit setting PrivateUsers= may be
used to request a user namespace with an identity mapping for the
first 65536 UIDs/GIDs. This is analogous to the systemd-nspawn's
--private-users=identity.
* The new unit option PrivateTmp=disconnected can be used to specify
that a separate tmpfs instance should be used for /tmp/ and /var/tmp/
for the unit.
* The new value "disconnected" for the unit setting PrivateTmp= may be
used to specify that a separate tmpfs instance should be used for
/tmp/ and /var/tmp/ for the unit.
* The manager (and various other tools too) use pidfds in more places
to refer to processes.
* The server manager (and various other tools too) use pidfds in more
places to refer to processes.
* A build option -D link-executor-shared=false can be used to build
the systemd-executor binary (added in a previous release) in a way
@ -182,41 +186,41 @@ CHANGES WITH 257 in spe:
execute.
* The systemd.machine_id= kernel command line parameter interpreted by
PID 1 now supports an additional special value: if "firmware" is
specified the machine ID is initialized from the SMBIOS/Devicetree
system UUID. (Previously this was already done in VM environments,
this extends the concept to any system, but only on explicit request
via this option.)
PID 1 now supports an additional special value: if set to "firmware"
the machine ID is initialized from the SMBIOS/DeviceTree system
UUID. (Previously this was already done automatically in VM
environments, this extends the concept to any system, but only on
explicit request via this option.)
* The ImportCredential= setting in service unit files now permits
renaming credentials imported.
renaming of credentials as they are imported.
* The RestartMode= gained a new "debug" setting. If specified and the
service fails so that it shall be restarted it is invoked in
* The RestartMode= setting gained a new "debug" value. If specified and
the service fails so that it shall be restarted it is invoked in
"debugging mode". Debugging mode means that the $DEBUG_INVOCATION
environment variable will be set to "1" for the new
invocation. Moreover, any setting LogLevelMax= will be temporarily
changed to "debug" for the next invocation. This mode is useful to
repeat invocation of tools if they fail but with additional logging
or testing routines turned on.
automatically repeat invocation of tools in case they fail but with
additional logging or testing routines enabled.
* A new service setting BindLogSockets= has been added that
controls whether the AF_UNIX sockets required for logging shall be
bind mounted to the mount sandbox allocated for the service.
* PID 1 will now optionally load a policy for the new Linux IPE LSM at
boot.
* At early boot, PID 1 will now optionally load a policy for the new
Linux IPE LSM.
* Transient services (StartTransientUnit() D-Bus method) may now
receive additional, arbitrary file descriptors to pass to executed
service processes on activation using the new ExtraFileDescriptor=
unit property.
* Transient services (as invoked by the StartTransientUnit() D-Bus
method) may now receive additional, arbitrary file descriptors to
pass to executed service processes during activation using the new
ExtraFileDescriptor= unit property.
* Calendar .timer units gained a new boolean DeferReactivation=
option. If enabled and the repetitive calendar timer elapses again
while the service the timer activates is still running, immediate
reactivation once it finishes is skipped, and the timer has to elapse
again before the service is reactivated.
reactivation of the service once it finishes is skipped, and the
timer has to elapse again before the service is reactivated.
* Generator processes invoked by the service manager will now receive a
new environment variable $SYSTEMD_SOFT_REBOOTS_COUNT that indicates
@ -242,10 +246,10 @@ CHANGES WITH 257 in spe:
"strict" a new cgroup namespace is allocated for the service, and
cgroupfs is mounted read-only for the service.
* The StateDirectory=, RuntimeDirectory=, CacheDirectory=, LogsDirectory=,
and ConfigurationDirectory= settings gained support for configuring the
respective directories as read-only, via a ':ro' flag that can be
appended to each setting.
* The StateDirectory=, RuntimeDirectory=, CacheDirectory=,
LogsDirectory=, and ConfigurationDirectory= settings gained support
for configuring the respective directories as read-only, via a ':ro'
flag that can be appended to each setting's value.
* When DynamicUser= is combined with
StateDirectory=/RuntimeDirectory=/CacheDirectory=/LogsDirectory= and
@ -254,11 +258,16 @@ CHANGES WITH 257 in spe:
the "nobody" user to the dynamic user, rather than via recursive
chown()ing.
* A new service property PrivatePIDs= has been added that runs executed
processes as PID 1 - the init process - within their own PID
namespace. PrivatePIDs= also mounts /proc/ so only processes within
the new PID namespace are visible.
systemd-udevd:
* udev rules now set 'uaccess' for /dev/udmabuf, giving locally
logged-in users access to the hardware. This is necessary to support
IPMI cameras with libcamera.
logged-in users access to the hardware. This is useful in order to
support IPMI cameras with libcamera.
* Serial port devices will no longer show up as systemd units, unless
they have an IO port or memory assigned to them. This means that only
@ -268,14 +277,14 @@ CHANGES WITH 257 in spe:
show up as .device units in systemd.
* The firmware_node/sun sysfs attribute will now be used (if available)
for naming slot-based network interfaces,
i.e. ID_NET_NAME_SLOT. Moreover the interface aliases specified in
Devicetree are now searched for both on the interfaces parent device
(as before) and the device itself (new).
for naming slot-based network interfaces, i.e. ID_NET_NAME_SLOT.
Moreover the interface aliases specified in DeviceTree are now
searched for both on the interface's parent device (as before) and
the device itself (new).
* Various USB hardware wallets have are now recognized by udev via a
.hwdb file, and get the ID_HARDWARE_WALLET= property set, which
enables "uaccess" for them, i.e. direct unprivileged access.
* Various USB hardware wallets are now recognized by udev via a .hwdb
file, and get the ID_HARDWARE_WALLET= property set, which enables
"uaccess" for them, i.e. direct unprivileged access.
* udevadm info will now output the device ID string in lines prefixed
with "J:", and the driver subsystem in lines prefixed with "B:".
@ -285,8 +294,8 @@ CHANGES WITH 257 in spe:
systemd-logind:
* New DesignatedMaintenanceTime= configuration option allows
shutdowns to be automatically scheduled at the specified time.
* New DesignatedMaintenanceTime= configuration option allows shutdowns
to be automatically scheduled at the specified time.
* logind now reacts to Ctrl-Alt-Shift-Esc being pressed. It will send
out a org.freedesktop.login1.SecureAttentionKey signal, indicating a
@ -300,8 +309,8 @@ CHANGES WITH 257 in spe:
session switches away.
* systemd-logind now exposes two D-Bus properties CanLock and CanIdle
for all sessions that indicate whether the session's class supports
screen locking and idle detection.
for all sessions. These properties indicate whether the session's
class supports screen locking and idleness detection.
* systemd-inhibit now allows interactive polkit authorization. It
gained a --no-ask-password option to suppress it.
@ -312,12 +321,13 @@ CHANGES WITH 257 in spe:
Machines started via the systemd-vmspawn@.service unit will now be
registered with systemd-machined.
* systemd-machined gained a pretty complete set of Varlink interfaces
to its functionality as alternative to the existing D-Bus interface.
* systemd-machined gained a pretty complete set of Varlink APIs
exposing its functionality. This is an alternative to the
pre-existing D-Bus interface.
systemd-resolved:
* resolvconf command now supports '-p' switch. If specified, the
* The resolvconf command now supports '-p' switch. If specified, the
interface will not be used as the default route for domain name
lookups.
@ -329,11 +339,11 @@ CHANGES WITH 257 in spe:
* IPv6 address labels can be configured in a new [IPv6AddressLabel]
section with Prefix= and Label= settings.
* 'networkctl edit' can now read the new contents from standard input
with the new --stdin option.
* 'networkctl edit' can now read the new file contents from standard
input with the new --stdin option.
* 'networkctl edit' and 'cat' now supports editing .netdev files by
link. 'networkctl cat' can also list all configuration files
* 'networkctl edit' and 'cat' now support editing/showing .netdev files
by link. 'networkctl cat' can also list all configuration files
associated with an interface at once with ':all'.
* networkctl gained a --no-ask-password option to suppress interactive
@ -342,7 +352,7 @@ CHANGES WITH 257 in spe:
* "mac" has been added to the default AlternativeNamesPolicy= setting
for network links (via 99-default.link). This means "enx*" interface
names will now be added to the list of alternative interface names by
default for all interfaces that have a MAC address assigned to them
default, for all interfaces that have a MAC address assigned
by hardware.
* networkd .netdev bridge devices gained a new setting FDBMaxLearned=
@ -357,18 +367,18 @@ CHANGES WITH 257 in spe:
thus highlighting conflict of ownership/management of these knobs.
* systemd-networkd will now make RFC9463 DNR fields available to
systemd-resolved, for automatic DoT configuration, and similar.
systemd-resolved, for automatic DNS DoT configuration, and similar.
systemd-boot, systemd-stub, and related tools:
* The EFI stub now supports loading of .ucode sections with microcode
from PE add-on files. It now also supports loading .initrd sections
from PE add-on files. It also now supports loading .initrd sections
from PE add-on files.
* A new .profile PE section type is now documented and supported in
systemd-measure, ukify, systemd-stub and systemd-boot. Those new
systemd-measure, ukify, systemd-stub and systemd-boot. These new
sections allow multiple "profiles" to be stored together in the UKI,
with .profile sections creating groupings of sections in the UKI,
where each .profile section creates groupings of sections in the UKI,
allowing some sections to be shared and other sections like .cmdline
or .initrd unique to the profile. This may be used to provide a
single UKI that synthesizes multiple menu items in the boot menu (for
@ -376,6 +386,16 @@ CHANGES WITH 257 in spe:
reset one, and so on which only differ in kernel command line, but
nothing else).
* New .dtbauto and .hwids sections are now documented and supported in
systemd-measure, ukify, systemd-stub, and systemd-boot. A single UKI
can contain multiple .dtbauto sections, and the 'compatible' string
therein will be compared with the equivalent field in the DTB
provided by the firmware, if present. If absent, SMBIOS will be used
to calculate hardware IDs (CHIDs) and look them up in the content of
.hwids, hopefully revealing an fallback 'compatible' string. This
allows including multiple DTBs in a single UKI, with systemd-stub
automatically loading the correct one for the current hardware.
* ukify gained an --extend switch to import an existing UKI to
be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs.
@ -387,31 +407,37 @@ CHANGES WITH 257 in spe:
* systemd-stub will report the partition UUID and image identifier its
UKI executable is placed on separately from the data systemd-boot
provides about where to find its own executable. This is useful when
systemd-boot and UKIs are placed on distinct partitions (i.e. ESP and
XBOOTLDR).
provides about where to find its own executable, via EFI
variables. This is useful when systemd-boot and UKIs are placed on
distinct partitions (i.e. ESP and XBOOTLDR).
* bootctl --print-loader-path and --print-stub-path that output the
path to the boot loader or UKI used for the current boot.
* bootctl gained new switches --print-loader-path and --print-stub-path
that output the path to the boot loader or UKI used for the current
boot.
* bootctl kernel-identify now supports identifying EFI add-ons.
* bootctl kernel-identify now recognizes EFI add-ons.
* bootctl gained a --random-seed=yes|no option to control provisioning
of the random seed file in ESP. (This is useful when producing an
image that will be used multiple times.)
of the random seed file in the ESP. (This is useful when producing an
image that will be used in multiple instances.)
* bootctl now optionally supports installing UEFI Secure Boot databases
(ESLs) for systemd-boot to pick up and automatically enroll if the
system is booted in Setup Mode. This is controlled via bootctl's new
--secure-boot-auto-enroll=yes switch (and some auxiliary ones). A
certificate can be provided in DER format, and it is automatically
converted into an ESL, as needed.
(i.e. db/dbx/… databases in ESL format) for systemd-boot to pick up
and automatically enroll if the system is booted in Setup Mode. This
is controlled via bootctl's new --secure-boot-auto-enroll=yes switch
(and some auxiliary ones). A certificate can be provided in DER
format, and is automatically converted into an ESL, as needed.
* bootctl, systemd-measure, systemd-repart when referencing signing
keys on OpenSSL engines may now query for PINs and similar via
systemd's native systemd-ask-password logic (and take benefit of its
caching and UI).
* A new systemd-sbsign tool has been added, that can be used to sign
EFI binaries (PE) for Secure Boot. This tool supports OpenSSL engines
and providers, with pin caching support for PKCS11. ukify supports it
as an alternative to sbsigntool and pesign.
The journal:
* journalctl can now list invocations of a unit with the
@ -445,22 +471,22 @@ CHANGES WITH 257 in spe:
and AppStream metadata.
* Transfer definitions for systemd-sysupdate are supposed to carry the
".transfer" suffix now, changing from ".conf". The latter is
supported for compatibility too, but it's recommended to rename all
files reflecting this suffix change.
".transfer" suffix now, changing from ".conf". The latter remains
supported for compatibility, but it's recommended to rename all files
reflecting this suffix change.
* systemd-sysupdate now supports a new ".feature" files that may be
* systemd-sysupdate now supports new ".feature" files that may be
used in conjunction with ".transfer" files to group them together, and
allow them to be turned off or on, individually per group.
TPM & systemd-cryptsetup:
* The 'tpm2' verb which lists usable TPM2 devices has been moved from
systemd-creds to systemd-analyze.
* The 'has-tpm2' verb which reports whether TPM2 functionality is
available has been moved from systemd-creds to systemd-analyze.
* systemd-tpm2-setup will gracefully handle TPMs that have a PIN set on
the TPM, and not automatically set up a Storage Root Key (SRK) in
that case.
the TPM, and not attempt to automatically set up a Storage Root Key
(SRK) in that case.
* New crypttab option password-cache=yes|no|read-only can be used to
customize password caching.
@ -502,7 +528,7 @@ CHANGES WITH 257 in spe:
start the specified executable on the remote side, and communicate
with the remote process using the Varlink protocol.
"ssh:" address specification has been renamed to "ssh-unix:"
The "ssh:" address specification has been renamed to "ssh-unix:"
(reflecting the fact it is used to connect to a remote AF_UNIX socket
via SSH). The old syntax is still supported for backwards
compatibility.
@ -523,7 +549,8 @@ CHANGES WITH 257 in spe:
to enable internal compression in filesystems created offline.
* systemd-repart understands a new MakeSymlinks= option to create one
or more symlinks (each specified as a symlink name and target).
or more symlinks (each specified as a symlink name and target) within
a newly formatted file system.
* systemd-repart gained a new SupplementFor= setting that allows
allocating a partition only if some other existing partition cannot
@ -536,15 +563,15 @@ CHANGES WITH 257 in spe:
systemd-ssh-proxy:
* systemd-ssh-proxy now also supports the "VSOCK MUX" protocol used by
CloudHypervisor/Firecracker to expose AF_VSOCK sockets of the VM on
the host. Or in other words: it's now possible to directly connect to
ssh via AF_VSOCK from hosts to VMs of these two hypervisors
(previously this was only supported for hypervisors which expose
AF_VSOCK on the host as AF_VSOCK, such as qemu).
* systemd-ssh-proxy now also supports the AF_UNIX-based "VSOCK MUX"
protocol used by CloudHypervisor/Firecracker to expose AF_VSOCK
sockets of the VM on the host. Or in other words: it's now possible
to directly connect to ssh via AF_VSOCK from hosts to VMs of these
two hypervisors (previously this was only supported for hypervisors
which expose AF_VSOCK on the host as AF_VSOCK, such as qemu).
* systemd-ssh-proxy can now reference local VMs by their name: connect
to any local VM "foobar" registered with machined via "ssh
to any local VM "foobar" registered with systemd-machined via "ssh
machine/foobar" using the AF_VSOCK protocol.
systemd-analyze:
@ -568,7 +595,6 @@ CHANGES WITH 257 in spe:
* 'busctl monitor' gained new options --limit-messages= and --timeout=
to set the number of matches or limit the runtime of the command.
This is intended to be used in scripts.
* busctl now supports doing method calls with embedded unix file
descriptors.
@ -586,9 +612,9 @@ CHANGES WITH 257 in spe:
systemd-importd:
* A new generator sytemd-import-generator has been added to
synthetisize image download jobs. This provides functionality similar
to importctl, but configured via the kernel command line and system
* A new generator sytemd-import-generator has been added to synthesize
image download jobs. This provides functionality similar to
importctl, but is configured via the kernel command line and system
credentials. It may be used to automatically download sysext,
confext, portable service, nspawn container or vmspawn VM images at
boot.
@ -617,6 +643,32 @@ CHANGES WITH 257 in spe:
systemd-homed to allow users to change selected properties of their
own user records.
systemd-run & run0:
* run0 gained a new pair of settings --pty and --pipe that control
whether to invoke the specified binary on a freshly allocated pseudo
TTY, or whether to pass the client's STDIN/STDOUT/STDERR through
directly.
* run0 gained a new switch --shell-prompt-prefix= that permits passing
in a string to display on each shell prompt as prefix. If not
specified otherwise this will show a superhero emoji (🦸), in order
to visually communicate the temporarily elevated privileges a run0
session provides. This makes use of the $SHELL_PROMPT_PREFIX
environment variables mentioned below.
* systemd-run can output some of its runtime data in JSON format via
the new --json= option.
systemd-tmpfiles:
* systemd-tmpfiles --purge switch now requires specification of at
least one tmpfiles.d/ drop-in file.
* tmpfiles.d/ files gained a new '?' specifier for the 'L' line type to
create a symlink only if the source exists, and gracefully skip the
line otherwise.
Miscellaneous:
* systemctl now supports the --now option with the 'reenable' verb.
@ -631,18 +683,13 @@ CHANGES WITH 257 in spe:
* localectl gained a -l/--full option to show output without
ellipsization.
* systemd-run can output some data as JSON via the new --json= option.
* timedatectl now supports interactive polkit authorization.
* systemd-tmpfiles --purge switch now requires specification of at
least one tmpfiles.d/ drop-in file.
* The new Linux mseal(), listmount(), statmount() syscalls have been
added to relevant system call groups.
* The systemd-ask-password concept has been extended with a per-user
concept, i.e. user programs may now ask for passwords via the same
* The systemd-ask-password logic has been extended with a per-user
scope, i.e. user programs may now ask for passwords via the same
mechanism and the previously system-wide only mechanism.
* A new set of system/service credentials are added:
@ -655,17 +702,8 @@ CHANGES WITH 257 in spe:
useful to visually highlight the fact a specific shell prompt
originates from a specific system, execution context or tool. These
credentials and environment variables are supposed to be generically
useful within and outside of the immediate systemd context.
* run0 gained a new pair of settings --pty and --pipe that control
whether to invoke the specified binary on a freshly allocated pseudo
TTY, or whether to pass the client's STDIN/STDOUT/STDERR through
directly. run0 also gained a new switch --shell-prompt-prefix= that
permits passing in a string to display on each shell prompt as
prefix. If not specified otherwise this will show a superman emoji
(🦸), in order to visually communicate the temporarily elevated
privileges a run0 session provides. This makes use of the
$SHELL_PROMPT_PREFIX environment variables mentioned above.
useful within and outside of the immediate systemd context. It is
also used by 'run0', see above.
* New RELEASE_TYPE=, EXPERIMENT=, EXPERIMENT_URL= fields have been
defined for the /etc/os-release file. For example,
@ -692,30 +730,82 @@ CHANGES WITH 257 in spe:
https://github.com/microsoft/terminal/pull/8055
https://conemu.github.io/en/AnsiEscapeCodes.html#ConEmu_specific_OSC
* systemd-sysusers is now able to create fully locked accounts. For
compatibility it so far created accounts with a locked (i.e. invalid)
password, but not marked locked as a whole. With the new "!" modifier
for "u" lines, it is now possible to create fully locked
accounts. The distinction between accounts with a locked password and
fully locked accounts is relevant when considering non-password forms
of authentication, i.e. SSH and such. It is strongly recommended to
make use of this new feature for almost all system accounts, since
they usually do not require (and should not permit) interactive
logins. All of systemd's own system users have been changed to be
marked as fully locked.
* systemd-sysusers is now able to create fully locked user
accounts. For compatibility it so far created accounts with a locked
(i.e. invalid) password, but not marked locked as a whole. With the
new "!" modifier for "u" lines, it is now possible to create fully
locked accounts. The distinction between accounts with a locked
password and fully locked accounts is relevant when considering
non-password forms of authentication, i.e. SSH and such. It is
strongly recommended to make use of this new feature for almost all
system accounts, since they usually do not require (and should not
permit) interactive logins. All of systemd's own system users have
been changed to be marked as fully locked.
* systemd-coredump now supports a new EnterNamespace= option, which
defaults to off. If enabled systemd-coredump will access the mount
namespace of any crashed process to acquire debug symbol information,
in order to be able to symbolized backtraces. This option is useful
to improve backtraces of processes of containerized
applications. (Note that the host systemd-coredump preferably
dispatches coredump processing to the container itself, if it
supports that. Only full-OS containers which run systemd inside will
support this however, in which case EnterNamespace= might be an
alternative approach to acquire symbolized backtraces.)
in order to be able to symbolize backtraces. This option is useful to
improve backtraces of processes of containerized applications. (Note
that the host systemd-coredump preferably dispatches coredump
processing to the container itself, if it supports that. Only full-OS
containers which run systemd inside will support this however, in
other cases EnterNamespace= might be an suitable approach to acquire
symbolized backtraces.)
— <place>, <date>
Contributions from: A. Wilcox, Abderrahim Kitouni, Adrian Vovk,
Alain Greppin, Allison Karlitskaya, Alyssa Ross, Anders Jonsson,
Andika Triwidada, Andres Beltran, Anouk Ceyssens, Anton Golubev,
Antonio Alvarez Feijoo, Arian van Putten, Arnaud Patard,
Arthur Shau, Bastien Nocera, Benjamin ROBIN, Brenton Simpson,
Bryan Gurney, ButterflyOfFire, Carlo Teubner, Celeste Liu,
Chen Guanqiao, Chen Qi, Chengen Du, Christoph Anton Mitterer,
Colin Foster, Collin L, Cristian Rodríguez, Daan De Meyer,
Dan Nicholson, Daniel Dawson, Daniel Martinez,
Daniel P. Berrangé, Daniel Rusek, Darsey Litzenberger,
David Joaquín Shourabi Porcel, David Michael, David Rheinsberg,
David Tardon, Davide Cavalca, Derek J. Clark, Diego Viola,
Dimitrys Meliates, Diogo Ivo, DocNITE, Dominique Martinet,
Dr. David Alan Gilbert, Edson Juliano Drosdeck, Erik Sjölund,
Etienne Champetier, Etienne Cordonnier, Ettore Atalan,
Eugeny Shcheglov, Fabian Vogt, Filip Lewiński, Florian Schmaus,
Franck Bui, Frantisek Sumsal, Fábio Rodrigues Ribeiro,
Gabriel Elyas, Gaël PORTAY, Giovanni Baratta, Gregor Herburger,
Gregory Arenius, GwynBleidD, Göran Uddeborg, Hans de Goede,
Helmut Grohne, Henry Chen, Ian Abbott, Integral, Ivan Kruglov,
Ivan Shapovalov, James Coglan, James Hilliard, James Muir,
Jason Yundt, Jeffrey Bosboom, Johannes Schneider,
John A. Leuenhagen, Jose Ignacio Tornos Martinez, JoseskVolpe,
Joshua Grisham, Jörg Behrmann, Kai-Chuan Hsieh, Kamil Szczęk,
Karel Zak, Kornilios Kourtis, Kuntal Majumder, Lennart Poettering,
Luca Boccassi, Lucas Adriano Salles, Lucas Werkmeister,
Ludwig Nussel, Luke T. Shumaker, Lukáš Nykrýn, Léane GRASSER,
Maanya Goenka, Mantas Mikulėnas, Marc Reisner, Marcel Hellwig,
Marin Kresic, Marius Hoch, Martin Srebotnjak, Martin Wilck,
Mary Strodl, Matteo Croce, Matthias Lisin, Matthias Schiffer,
Matthieu Baerts (NGI0), Matthieu CHARETTE,
Mauri de Souza Meneguzzo, Maximilian Wilhelm, Merlin Jehli,
Michael Ferrari, Michal Koutný, Michal Sekletár,
Michele Dionisio, Michiel, Mickaël Salaün, Mike Gilbert,
Mike Yuan, MkKvcs, Nick Cao, Nick Rosbrook, Nils K, Nova840,
Oğuz Ersen, Pavel Borecki, PavlNekrasov, Peter Hutterer,
Peter Rajnoha, Piotr Drąg, Raphaël Mélotte, Renan Guilherme,
Renjaya Raga Zenta, Ricky Tigg, Riku, Robin Lee, Ronan Pigott,
Ryan Wilson, Sam James, Sascha Mester, Sean Rhodes, Sergey A,
ShreyasMahangade, Simon Pilkington, Skye Chappelle, Steve Traylen,
Stuart Hayhurst, Susant Sahani, Takeo Kondo, Temuri Doghonadze,
Thomas Blume, Thorsten Scherer, Tobias Fleig, Tom Coldrick,
Tom Yan, Tomas Bzatek, Topi Miettinen, Uday Shankar,
Vasiliy Kovalev, Vitaly Kuznetsov, Vito Caputo, Vladimir Panteleev,
Will Fancher, WilliButz, Xeonacid, Yanqing Jing, Yu Watanabe,
Yuri Chornoivan, ZHANG Yuntian, Zbigniew Jędrzejewski-Szmek,
Zhou Qiankang, anonymix007, bryango, chayleaf, chenjiayi, csp5me,
cvlc12, fwfy, hugo303, jan@neighbourhood.ie, jauge-technica, lumingzh,
maia x., marginaldev, migleeson, nerdopolis, oldherl, pyfisch, q66,
rajmohan r, reDBo0n, rhellstrom, rindeal, samuelvw01, sinus-x, tfg13,
vdovhanych, xujing, Łukasz Stelmach, Дамјан Георгиевски
— Edinburgh, 2024-11-06
CHANGES WITH 256:
@ -2004,7 +2094,7 @@ CHANGES WITH 255:
respective SBAT sections, so that they can be revoked individually if
needed.
* systemd-boot will no longer load unverified Devicetree blobs when UEFI
* systemd-boot will no longer load unverified DeviceTree blobs when UEFI
SecureBoot is enabled. For more details see:
https://github.com/systemd/systemd/security/advisories/GHSA-6m6p-rjcq-334c
@ -2025,7 +2115,7 @@ CHANGES WITH 255:
command-line addons before measuring them in TPM2 PCR 12, in a single
measurement, instead of measuring them individually.
* systemd-stub will now measure and load Devicetree Blob addons, which
* systemd-stub will now measure and load DeviceTree Blob addons, which
are searched and loaded following the same model as the existing
kernel command-line addons.
@ -2033,7 +2123,7 @@ CHANGES WITH 255:
passed from systemd-boot when running inside Confidential VMs with UEFI
SecureBoot enabled.
* systemd-stub will now load a Devicetree blob even if the firmware did
* systemd-stub will now load a DeviceTree blob even if the firmware did
not load any beforehand (e.g.: for ACPI systems).
* ukify is no longer considered experimental, and now ships in /usr/bin/.
@ -2214,6 +2304,10 @@ CHANGES WITH 255:
specific devices explicitly. NetworkManager will soon implement a
similar logic.
* .network files gained a new MulticastIGMPVersion= setting in the
[Network] section, to control sysctl's
/proc/sys/net/ipv4/conf/INTERFACE/force_igmp_version setting.
systemctl:
* systemctl is-failed now checks the system state if no unit is
@ -4347,7 +4441,7 @@ CHANGES WITH 252 🎃:
* 'udevadm wait' will now listen to kernel uevents too when called with
--initialized=no.
* When naming network devices udev will now consult the Devicetree
* When naming network devices udev will now consult the DeviceTree
"alias" fields for the device.
* systemd-udev will now create infiniband/by-path and
@ -5157,7 +5251,7 @@ CHANGES WITH 250:
* A new kernel command line option systemd.watchdog_sec= is now
understood which may be used to override the hardware watchdog
time-out for the boot.
timeout for the boot.
* A new setting DefaultOOMScoreAdjust= is now supported in
/etc/systemd/system.conf and /etc/systemd/user.conf. It may be used
@ -5217,7 +5311,7 @@ CHANGES WITH 250:
variable passed to invoked processes.
* A new setting RuntimeRandomizedExtraSec= has been added for service
and scope units that allows extending the runtime time-out as
and scope units that allows extending the runtime timeout as
configured by RuntimeMaxSec= with a randomized amount.
* The syntax of the service unit settings RuntimeDirectory=,
@ -5580,7 +5674,7 @@ CHANGES WITH 250:
non-x86 architectures.
* bootctl learnt new set-timeout and set-timeout-oneshot commands that
may be used to set the boot menu time-out of the boot loader (for all
may be used to set the boot menu timeout of the boot loader (for all
or just the subsequent boot).
* bootctl and kernel-install will now read variables

6
TODO
View File

@ -129,6 +129,12 @@ Deprecations and removals:
Features:
* machined: when registering a machine, also take a relative cgroup path,
relative to the machine's unit. This is useful when registering unpriv
machines, as they might sit down the cgroup tree, below a cgroup delegation
boundary. Then, install an inotify watch on that cgroup to track when the
machine's local cgroup goes down.
* resolved: report ttl in resolution replies if we know it. This data is useful
for tools such as wireguard which want to periodically re-resolve DNS names,
and might want to use the TTL has hint for that.

View File

@ -15,18 +15,19 @@ SPDX-License-Identifier: LGPL-2.1-or-later
6. [RC1] Update library numbers in `meson.build`
7. Update version number in `meson.version` (e.g. from `256~devel` to `256~rc1` or from `256~rc3` to `256`). Note that this uses a tilde (\~) instead of a hyphen (-) because tildes sort lower in version comparisons according to the [version format specification](https://uapi-group.org/specifications/specs/version_format_specification/), and we want `255~rc1` to sort lower than `255`.
8. Check dbus docs with `ninja -C build update-dbus-docs`
9. Update translation strings (`ninja -C build systemd-pot`, `ninja -C build systemd-update-po`) - drop the header comments from `systemd.pot` + re-add SPDX before committing. If the only change in a file is the 'POT-Creation-Date' field, then ignore that file.
10. Tag the release: `version="v$(sed 's/~/-/g' meson.version)" && git tag -s "${version}" -m "systemd ${version}"` (tildes are replaced with hyphens, because git doesn't accept the former).
11. Do `ninja -C build`
12. Make sure that the version string and package string match: `build/systemctl --version`
13. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
14. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
15. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
16. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released | Online resources https://systemd.io/`)
17. [FINAL] Create an empty -stable branch: `git push systemd origin/main:refs/heads/v${version}-stable`.
18. [FINAL] Build and upload the documentation (on the -stable branch): `ninja -C build doc-sync`
9. Check manpages list with `ninja -C build update-man-rules`
10. Update translation strings (`ninja -C build systemd-pot`, `ninja -C build systemd-update-po`) - drop the header comments from `systemd.pot` + re-add SPDX before committing. If the only change in a file is the 'POT-Creation-Date' field, then ignore that file.
11. Tag the release: `version="v$(sed 's/~/-/g' meson.version)" && git tag -s "${version}" -m "systemd ${version}"` (tildes are replaced with hyphens, because git doesn't accept the former).
12. Do `ninja -C build`
13. Make sure that the version string and package string match: `build/systemctl --version`
14. [FINAL] Close the github milestone and open a new one (https://github.com/systemd/systemd/milestones)
15. "Draft" a new release on github (https://github.com/systemd/systemd/releases/new), mark "This is a pre-release" if appropriate.
16. Check that announcement to systemd-devel, with a copy&paste from NEWS, was sent. This should happen automatically.
17. Update IRC topic (`/msg chanserv TOPIC #systemd Version NNN released | Online resources https://systemd.io/`)
18. [FINAL] Create an empty -stable branch: `git push systemd origin/main:refs/heads/v${version}-stable`.
19. [FINAL] Build and upload the documentation (on the -stable branch): `ninja -C build doc-sync`
20. [FINAL] Change the Github Pages branch to the newly created branch (https://github.com/systemd/systemd/settings/pages) and set the 'Custom domain' to 'systemd.io'
21. [FINAL] Update version number in `meson.version` to the devel version of the next release (e.g. from `v256` to `v257~devel`)
21. [FINAL] Update version number in `meson.version` to the devel version of the next release (e.g. from `256` to `257~devel`)
# Steps to a Successful Stable Release

View File

@ -41,7 +41,7 @@ used for new, additional measurements.
## PCR Measurements Made by `systemd-boot` (UEFI)
### PCS 5, `EV_EVENT_TAG`, "loader.conf"
### PCS 5, `EV_EVENT_TAG`, `loader.conf`
The content of `systemd-boot`'s configuration file, `loader/loader.conf`, is
measured as a tagged event.
@ -52,7 +52,7 @@ measured as a tagged event.
**Measured hash** covers the content of `loader.conf` as it is read from the ESP.
### PCR 12, `EV_IPL`, "Kernel Command Line"
### PCR 12, `EV_IPL`, kernel command line
If the kernel command line was specified explicitly (by the user or in a Boot
Loader Specification Type #1 file), the kernel command line passed to the
@ -70,7 +70,7 @@ trailing NUL bytes).
## PCR Measurements Made by `systemd-stub` (UEFI)
### PCR 11, `EV_IPL`, "PE Section Name"
### PCR 11, `EV_IPL`, PE section name
A measurement is made for each PE section of the UKI that is defined by the
[UKI
@ -87,7 +87,7 @@ both types of records appear interleaved in the event log.
**Measured hash** covers the PE section name in ASCII (*including* a trailing NUL byte!).
### PCR 11, `EV_IPL`, "PE Section Data"
### PCR 11, `EV_IPL`, PE section data
Happens once for each UKI-defined PE section of the UKI, in the canonical UKI
PE section order, as per the UKI specification, see above.
@ -96,7 +96,7 @@ PE section order, as per the UKI specification, see above.
**Measured hash** covers the (binary) PE section contents.
### PCR 12, `EV_IPL`, "Kernel Command Line"
### PCR 12, `EV_IPL`, kernel command line
Might happen up to three times, for kernel command lines from:
@ -110,37 +110,37 @@ UTF-16.
**Measured hash** covers the literal kernel command line in UTF-16 (without any
trailing NUL bytes).
### PCR 12, `EV_EVENT_TAG`, "Devicetrees"
### PCR 12, `EV_EVENT_TAG`, DeviceTrees
Devicetree addons are measured individually as a tagged event.
DeviceTree addons are measured individually as a tagged event.
**Event Tag** `0x6c46f751`
**Description** the addon filename.
**Description** is the addon filename.
**Measured hash** covers the content of the Devicetree.
**Measured hash** covers the content of the DeviceTree.
### PCR 12, `EV_EVENT_TAG`, "Initrd addons"
### PCR 12, `EV_EVENT_TAG`, initrd addons
Initrd addons are measured individually as a tagged event.
**Event Tag** `0x49dffe0f`
**Description** the addon filename.
**Description** is the addon filename.
**Measured hash** covers the contents of the initrd.
### PCR 12, `EV_EVENT_TAG`, "Ucode addons"
### PCR 12, `EV_EVENT_TAG`, ucode addons
Ucode addons are measured individually as a tagged event.
**Event Tag** `0xdac08e1a`
**Description** the addon filename.
**Description** is the addon filename.
**Measured hash** covers the contents of the ucode initrd.
### PCR 12, `EV_IPL`, "Per-UKI Credentials initrd"
### PCR 12, `EV_IPL`, per-uki credentials initrd
**Description** in the event log record is the constant string "Credentials
initrd" in UTF-16.
@ -148,7 +148,7 @@ initrd" in UTF-16.
**Measured hash** covers the per-UKI credentials cpio archive (which is generated
on-the-fly by `systemd-stub`).
### PCR 12, `EV_IPL`, "Global Credentials initrd"
### PCR 12, `EV_IPL`, global credentials initrd
**Description** in the event log record is the constant string "Global
credentials initrd" in UTF-16.
@ -156,7 +156,7 @@ credentials initrd" in UTF-16.
**Measured hash** covers the global credentials cpio archive (which is generated
on-the-fly by `systemd-stub`).
### PCR 13, `EV_IPL`, "sysext initrd"
### PCR 13, `EV_IPL`, sysext initrd
**Description** in the event log record is the constant string "System extension
initrd" in UTF-16.
@ -166,7 +166,7 @@ on-the-fly by `systemd-stub`).
## PCR Measurements Made by `systemd-pcrextend` (Userspace)
### PCR 11, "Boot Phases"
### PCR 11, boot phases
The `systemd-pcrphase.service`, `systemd-pcrphase-initrd.service`,
`systemd-pcrphase-sysinit.service` services will measure the boot phase reached
@ -178,7 +178,7 @@ choose to define additional/different phases.)
**Measured hash** covers the phase string (in UTF-8, without trailing NUL
bytes).
### PCR 15, "Machine ID"
### PCR 15, machine ID
The `systemd-pcrmachine.service` service will measure the machine ID (as read
from `/etc/machine-id`) during boot.
@ -187,7 +187,7 @@ from `/etc/machine-id`) during boot.
formatted in hexadecimal lowercase characters (in UTF-8, without trailing NUL
bytes).
### PCR 15, "File System"
### PCR 15, file system
The `systemd-pcrfs-root.service` and `systemd-pcrfs@.service` services will
measure a string identifying a specific file system, typically covering the
@ -200,7 +200,7 @@ without trailing NUL bytes).
## PCR Measurements Made by `systemd-cryptsetup` (Userspace)
### PCR 15, "Volume Key"
### PCR 15, volume key
The `systemd-cryptsetup@.service` service will measure a key derived from the
LUKS volume key of a specific encrypted volume, typically covering the backing

View File

@ -43040,6 +43040,9 @@ OUI:0C4314*
OUI:0C43F9*
ID_OUI_FROM_DATABASE=Amazon Technologies Inc.
OUI:0C44C0*
ID_OUI_FROM_DATABASE=zte corporation
OUI:0C45BA*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -43061,6 +43064,15 @@ OUI:0C47A94*
OUI:0C47A97*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A9A*
ID_OUI_FROM_DATABASE=Lens Technology (Xiangtan) Co.,Ltd
OUI:0C47A9B*
ID_OUI_FROM_DATABASE=Shenzhen Hebang Electronic Co., Ltd
OUI:0C47A9C*
ID_OUI_FROM_DATABASE=Annapurna labs
OUI:0C47A9D*
ID_OUI_FROM_DATABASE=DIG_LINK
@ -46658,6 +46670,9 @@ OUI:14E7C8*
OUI:14E9B2*
ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD
OUI:14EAA1*
ID_OUI_FROM_DATABASE=Micronet union Technology (chengdu) co., Ltd
OUI:14EB08*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -48185,6 +48200,9 @@ OUI:1C08C1*
OUI:1C0B52*
ID_OUI_FROM_DATABASE=EPICOM S.A
OUI:1C0B8B*
ID_OUI_FROM_DATABASE=Ubiquiti Inc
OUI:1C0D7D*
ID_OUI_FROM_DATABASE=Apple, Inc.
@ -50186,6 +50204,9 @@ OUI:2050E7*
OUI:205383*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
OUI:20538D*
ID_OUI_FROM_DATABASE=Hon Hai Precision Industry Co., Ltd.
OUI:2053CA*
ID_OUI_FROM_DATABASE=Risk Technology Ltd
@ -51474,7 +51495,7 @@ OUI:245DFCB*
ID_OUI_FROM_DATABASE=ONLY
OUI:245DFCC*
ID_OUI_FROM_DATABASE=Senix Corporation
ID_OUI_FROM_DATABASE=Senix
OUI:245DFCD*
ID_OUI_FROM_DATABASE=Hunan Honestone lntelligence Technology Co.,Ltd
@ -54347,6 +54368,9 @@ OUI:2C64F6*
OUI:2C66AD*
ID_OUI_FROM_DATABASE=NimbleTech Digital Inc.
OUI:2C66F5*
ID_OUI_FROM_DATABASE=SHENZHEN ELECTRICAL APPLIANCES CO.
OUI:2C6798*
ID_OUI_FROM_DATABASE=InTalTech Ltd.
@ -55022,6 +55046,9 @@ OUI:2CDDA3*
OUI:2CDDE9*
ID_OUI_FROM_DATABASE=Arista Networks
OUI:2CDFE6*
ID_OUI_FROM_DATABASE=Raisecom Technology CO., LTD
OUI:2CE032*
ID_OUI_FROM_DATABASE=TCL King Electrical Appliances(Huizhou)Co.,Ltd
@ -58142,6 +58169,9 @@ OUI:382187*
OUI:3821C7*
ID_OUI_FROM_DATABASE=Hewlett Packard Enterprise
OUI:382228*
ID_OUI_FROM_DATABASE=Telink Micro LLC
OUI:38229D*
ID_OUI_FROM_DATABASE=ADB Broadband Italia
@ -68906,6 +68936,9 @@ OUI:580A20*
OUI:580AD4*
ID_OUI_FROM_DATABASE=Apple, Inc.
OUI:580D0D*
ID_OUI_FROM_DATABASE=GREE ELECTRIC APPLIANCES, INC. OF ZHUHAI
OUI:581031*
ID_OUI_FROM_DATABASE=Hon Hai Precision IND.CO.,LTD
@ -69872,6 +69905,9 @@ OUI:58D50A*
OUI:58D56E*
ID_OUI_FROM_DATABASE=D-Link International
OUI:58D61F*
ID_OUI_FROM_DATABASE=Ubiquiti Inc
OUI:58D67A*
ID_OUI_FROM_DATABASE=TCPlink
@ -74780,6 +74816,9 @@ OUI:689423*
OUI:68944A*
ID_OUI_FROM_DATABASE=zte corporation
OUI:689575*
ID_OUI_FROM_DATABASE=Zhejiang Bodyguard Electronic Co., Ltd
OUI:68962E*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD
@ -75857,6 +75896,9 @@ OUI:6C62FE*
OUI:6C639C*
ID_OUI_FROM_DATABASE=Commscope
OUI:6C63F8*
ID_OUI_FROM_DATABASE=Ubiquiti Inc
OUI:6C641A*
ID_OUI_FROM_DATABASE=Penguin Computing
@ -91961,6 +92003,9 @@ OUI:78257A*
OUI:7825AD*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
OUI:7826A6*
ID_OUI_FROM_DATABASE=zte corporation
OUI:7828CA*
ID_OUI_FROM_DATABASE=Sonos, Inc.
@ -99560,6 +99605,9 @@ OUI:8C1F6416E*
OUI:8C1F64170*
ID_OUI_FROM_DATABASE=Fracarro Radioindustrie Srl
OUI:8C1F64175*
ID_OUI_FROM_DATABASE=Wuhan YiValley Opto-electric technology Co.,Ltd
OUI:8C1F64177*
ID_OUI_FROM_DATABASE=Emcom Systems
@ -100382,6 +100430,9 @@ OUI:8C1F643B7*
OUI:8C1F643B8*
ID_OUI_FROM_DATABASE=HUBRIS TECHNOLOGIES PRIVATE LIMITED
OUI:8C1F643BA*
ID_OUI_FROM_DATABASE=MITSUBISHI ELECTRIC INDIA PVT. LTD.
OUI:8C1F643BB*
ID_OUI_FROM_DATABASE=Clausal Computing Oy
@ -101690,6 +101741,9 @@ OUI:8C1F6474B*
OUI:8C1F6474E*
ID_OUI_FROM_DATABASE=OpenPark Technologies Kft
OUI:8C1F64751*
ID_OUI_FROM_DATABASE=CITSA Technologies Private Limited
OUI:8C1F64755*
ID_OUI_FROM_DATABASE=Flextronics International Kft
@ -101711,6 +101765,9 @@ OUI:8C1F64760*
OUI:8C1F64762*
ID_OUI_FROM_DATABASE=Support Professionals B.V.
OUI:8C1F64763*
ID_OUI_FROM_DATABASE=Anduril Imaging
OUI:8C1F64764*
ID_OUI_FROM_DATABASE=nanoTRONIX Computing Inc.
@ -103556,6 +103613,9 @@ OUI:8C1F64C5D*
OUI:8C1F64C5E*
ID_OUI_FROM_DATABASE=YUYAMA MFG Co.,Ltd
OUI:8C1F64C60*
ID_OUI_FROM_DATABASE=Intelligent Security Systems (ISS)
OUI:8C1F64C61*
ID_OUI_FROM_DATABASE=Beijing Ceresdate Technology Co.,LTD
@ -104471,6 +104531,9 @@ OUI:8C1F64F13*
OUI:8C1F64F14*
ID_OUI_FROM_DATABASE=Elektrosil GmbH
OUI:8C1F64F19*
ID_OUI_FROM_DATABASE=Hurry-tech
OUI:8C1F64F1B*
ID_OUI_FROM_DATABASE=Nextep Co.,Ltd.
@ -112361,6 +112424,9 @@ OUI:A08966*
OUI:A089E4*
ID_OUI_FROM_DATABASE=Skyworth Digital Technology(Shenzhen) Co.,Ltd
OUI:A08A06*
ID_OUI_FROM_DATABASE=ASKEY COMPUTER CORP
OUI:A08A87*
ID_OUI_FROM_DATABASE=HuiZhou KaiYue Electronic Co.,Ltd
@ -114656,6 +114722,9 @@ OUI:A84041*
OUI:A8407D*
ID_OUI_FROM_DATABASE=GD Midea Air-Conditioning Equipment Co.,Ltd.
OUI:A840F8*
ID_OUI_FROM_DATABASE=HUMAX NETWORKS
OUI:A84122*
ID_OUI_FROM_DATABASE=China Mobile (Hangzhou) Information Technology Co.,Ltd.
@ -121592,6 +121661,9 @@ OUI:BCBD84*
OUI:BCBD9E*
ID_OUI_FROM_DATABASE=ITEL MOBILE LIMITED
OUI:BCBEFB*
ID_OUI_FROM_DATABASE=ASL Xiamen Technology CO., LTD
OUI:BCC00F*
ID_OUI_FROM_DATABASE=Fiberhome Telecommunication Technologies Co.,LTD
@ -126158,6 +126230,9 @@ OUI:C8FAE1*
OUI:C8FB26*
ID_OUI_FROM_DATABASE=Cisco SPVTG
OUI:C8FB54*
ID_OUI_FROM_DATABASE=iMin Technology Pte. Ltd.
OUI:C8FD19*
ID_OUI_FROM_DATABASE=Texas Instruments
@ -130412,6 +130487,9 @@ OUI:D4E32C*
OUI:D4E33F*
ID_OUI_FROM_DATABASE=Nokia
OUI:D4E3C5*
ID_OUI_FROM_DATABASE=zte corporation
OUI:D4E6B7*
ID_OUI_FROM_DATABASE=Samsung Electronics Co.,Ltd
@ -137237,6 +137315,9 @@ OUI:EC74BA*
OUI:EC74D7*
ID_OUI_FROM_DATABASE=Grandstream Networks Inc
OUI:EC750C*
ID_OUI_FROM_DATABASE=TP-Link Systems Inc.
OUI:EC753E*
ID_OUI_FROM_DATABASE=HUAWEI TECHNOLOGIES CO.,LTD

View File

@ -1,5 +1,5 @@
--- 20-acpi-vendor.hwdb.base 2024-11-01 10:15:52.858625476 +0100
+++ 20-acpi-vendor.hwdb 2024-11-01 10:15:52.863625568 +0100
--- 20-acpi-vendor.hwdb.base 2024-11-06 10:40:14.734611315 +0000
+++ 20-acpi-vendor.hwdb 2024-11-06 10:40:14.738611667 +0000
@@ -3,6 +3,8 @@
# Data imported from:
# https://uefi.org/uefi-pnp-export

View File

@ -1149,6 +1149,11 @@ evdev:name:SIPODEV Lenovo HID Device:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IG
evdev:name:SIPODEV Lenovo HID Device Consumer Control:dmi:*:svnLENOVO:*:pvrLenovoideapadD330-10IGM:*
KEYBOARD_KEY_c00ff=fn_esc # Fn+Tab (FnLk toggle)
# Lenovo Thinkbook 16 G6+ 2024
evdev:atkbd:dmi:bvn*:bvr*:bd*:svnLENOVO:pn21LG:pvr*
KEYBOARD_KEY_0a=!9
KEYBOARD_KEY_0b=!0
###########################################################
# LG
###########################################################

File diff suppressed because it is too large Load Diff

View File

@ -13067,6 +13067,12 @@ D00000-DFFFFF (base 16) DIG_LINK
Uttar Pradesh 201301
IN
0C-47-A9 (hex) Lens Technology (Xiangtan) Co.,Ltd
A00000-AFFFFF (base 16) Lens Technology (Xiangtan) Co.,Ltd
16 Baishi West Road, Xiangtan Economic and Technological Development Zone
Xiangtan Hunan 411100
CN
B8-4C-87 (hex) Altronix , Corp
A00000-AFFFFF (base 16) Altronix , Corp
140 58th St. Bldg A, Ste 2N
@ -21617,12 +21623,6 @@ E8-6C-C7 (hex) KLAB
Yuseong-gu Daejeon 34014
KR
24-5D-FC (hex) Senix Corporation
C00000-CFFFFF (base 16) Senix Corporation
10516 Route 116, Suite 300
Hinesburg VT 05461
US
24-5D-FC (hex) Hunan Honestone lntelligence Technology Co.,Ltd
D00000-DFFFFF (base 16) Hunan Honestone lntelligence Technology Co.,Ltd
705, Building 1, Fortune Plaza, Wankuntu, Xiangzhang Road, Yuhua District, Changsha City,
@ -26450,6 +26450,12 @@ E00000-EFFFFF (base 16) JET OPTOELECTRONICS CO., LTD.
Mail box 15123 Haifa 3508409
IL
24-5D-FC (hex) Senix
C00000-CFFFFF (base 16) Senix
10516 Route 116, Suite 300
Hinesburg VT 05461
US
0C-47-A9 (hex) Private
400000-4FFFFF (base 16) Private
@ -33193,3 +33199,15 @@ AC-EF-92 (hex) LIFT CONTROLS PRIVATE LIMITED
Survey no 39/1, Murdi, Khandepar, Ponda
Ponda Goa 403406
IN
0C-47-A9 (hex) Annapurna labs
C00000-CFFFFF (base 16) Annapurna labs
Matam Scientific Industries Center, Building 8.2
Mail box 15123 Haifa 3508409
IL
0C-47-A9 (hex) Shenzhen Hebang Electronic Co., Ltd
B00000-BFFFFF (base 16) Shenzhen Hebang Electronic Co., Ltd
2nd Floor West, Bldg B, Kelunte Low Carbon Industry Park, Huarong Road, Dalang, Longhua District
Shenzhen 518000
CN

File diff suppressed because it is too large Load Diff

View File

@ -529,8 +529,9 @@
<varlistentry>
<term><option>--secure-boot-auto-enroll=yes|no</option></term>
<term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term>
<term><option>--private-key-source=<replaceable>TYPE[:NAME]</replaceable></option></term>
<term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<term><option>--certificate=<replaceable>PATH</replaceable></option></term>
<term><option>--certificate-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<listitem><para>Configure the ESP for secure boot auto-enrollment when invoking the
<command>install</command> command. Takes a boolean argument. Disabled by default. Enabling this
@ -542,9 +543,12 @@
<para>When specifying this option, a certificate and private key have to be provided as well using
the <option>--certificate=</option> and <option>--private-key=</option> options. The
<option>--certificate=</option> option takes a path to a PEM encoded X.509 certificate. The
<option>--private-key=</option> option can take a path or a URI that will be passed to the OpenSSL
engine or provider, as specified by <option>--private-key-source=</option> as a
<option>--certificate=</option> option takes a path to a PEM encoded X.509 certificate or a URI
that's passed to the OpenSSL provider configured with <option>--certificate-source</option> which
takes one of <literal>file</literal> or <literal>provider</literal>, with the latter being followed
by a specific provider identifier, separated with a colon, e.g. <literal>provider:pkcs11</literal>.
The <option>--private-key=</option> option can take a path or a URI that will be passed to the
OpenSSL engine or provider, as specified by <option>--private-key-source=</option> as a
<literal>type:name</literal> tuple, such as <literal>engine:pkcs11</literal>. The specified OpenSSL
signing engine or provider will be used to sign the EFI signature lists.</para>

View File

@ -106,17 +106,17 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>user@.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.slice</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-run</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -269,18 +269,39 @@
<listitem><para>Specifies the kernel keyring and key description
(see <citerefentry project='man-pages'><refentrytitle>keyrings</refentrytitle><manvolnum>7</manvolnum></citerefentry>)
where LUKS2 volume key gets linked during device activation. The kernel keyring
description and key description must be separated by <literal>::</literal>.</para>
description and key description are separated by <literal>::</literal>.</para>
<para>The kernel keyring part can be a string description or a predefined
kernel keyring prefixed with <literal>@</literal> (e.g.: to use <literal>@s</literal> session or
<literal>@u</literal> user keyring directly). The type prefix text in the kernel keyring description
is not required. The specified kernel keyring must already exist at the time of device activation.</para>
kernel keyring specification prefixed with <literal>@</literal> (e.g.: to use <literal>@u</literal> root user keyring directly).
The type prefix text in the kernel keyring description is not required.
The specified kernel keyring must already exist at the time of device activation.</para>
<para>The key part is a string description optionally prefixed by a <literal>%key_type:</literal>.
If no type is specified, the <literal>user</literal> type key is linked by default. See
<para>The key part is a string description optionally prefixed by a <literal>%user:</literal> or
<literal>%logon:</literal>. If no type is specified, the <literal>user</literal> type key is linked
by default. See
<citerefentry project='man-pages'><refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for more information on key descriptions (KEY IDENTIFIERS section).</para>
<para>Alternatively, it takes specification for the volume key to be linked in a kernel key
with a description derived automatically from LUKS device UUID (e.g.: <literal>systemd-cryptsetup:vk-b40f1abf-2a53-400a-889a-2eccc27eaa40</literal>).
There are several possible specifications:</para>
<para>If no <literal>::</literal> substring is specified, the whole string is interpreted as a
keyring description. The volume key gets linked in a <literal>user</literal> type key
with a key description derived from LUKS UUID.</para>
<para>If only the key part of the option value is missing, the volume key gets linked in
a specified keyring with the specified key type. Only the key description is derived from
LUKS UUID.</para>
<para>Following example option values link a volume key in the key description derived from LUKS UUID:
The value <literal>@u</literal> specifies a request to link the volume key in the root
user keyring in the user type. The value <literal>@u::%logon</literal> specifies the volume key
linked in the root user keyring and the logon type. The value <literal>my_custom_keyring</literal>
specifies the volume key linked in the root user type key in the keyring described in the passed
description. The value <literal>my_custom_keyring::%logon</literal> specifies the volume key linked
in the keyring described by <literal>my_custom_keyring</literal> description in the logon type.</para>
<para>Note that the linked volume key is not cleaned up automatically when the device is detached.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
@ -950,7 +971,7 @@
for supported formats). Defaults to 30s. Once the specified timeout elapsed authentication via
password is attempted. Note that this timeout applies to waiting for the security device to show up —
it does not apply to the PIN prompt for the device (should one be needed) or similar. Pass 0 to turn
off the time-out and wait forever.</para>
off the timeout and wait forever.</para>
<xi:include href="version-info.xml" xpointer="v250"/></listitem>
</varlistentry>

View File

@ -145,10 +145,8 @@ PROPERTY_WITH_SPACES=some string</programlisting>
<refsect1>
<title>See Also</title>
<para>
<citerefentry>
<refentrytitle>systemd-hwdb</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd-hwdb</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -35,6 +35,7 @@
#include &lt;systemd/sd-login.h&gt;
#include &lt;systemd/sd-messages.h&gt;
#include &lt;systemd/sd-path.h&gt;
#include &lt;systemd/sd-varlink.h&gt;
</programlisting>
<cmdsynopsis>
@ -61,8 +62,9 @@
<citerefentry><refentrytitle>sd-id128</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
<citerefentry><refentrytitle>sd-json</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
and
<citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>sd-varlink</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for information about different parts of the library interface.</para>
</refsect1>

View File

@ -89,7 +89,9 @@ node /org/freedesktop/LogControl1 {
<citerefentry project="man-pages"><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry> call).
</para>
<para>Those two properties are writable, so they may be set by sufficiently privileged users.</para>
<caution><title>Write Access</title><para>The <varname>LogLevel</varname> and
<varname>LogTarget</varname> properties are supposed to be writable. Care should be taken to ensure
that only appropriately privileged clients can modify them.</para></caution>
<para><varname>SyslogIdentifier</varname> is a read-only property that shows the "syslog identifier".
It is a short string that identifies the program that is the source of log messages that is passed to
@ -127,6 +129,11 @@ node /org/freedesktop/LogControl1 {
<para>This creates a simple server on the bus. It implements the LogControl1 interface by providing
the required properties and allowing to set the writable ones. It logs at the configured log level using
<citerefentry><refentrytitle>sd_journal_print</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
<para>Note that when porting this example to other D-Bus libraries it might be necessary to add manual
client privilege checks, as they typically do not default to the restrictive defaults of sd-bus, where
unprivileged access to properties is controlled via the <constant>SD_BUS_VTABLE_UNPRIVILEGED</constant>
flag that is opt-in rather than opt-out.</para>
</example>
</refsect1>

View File

@ -427,8 +427,6 @@ node /org/freedesktop/hostname1 {
name.</para>
</refsect1>
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
<refsect1>
<title>Examples</title>
@ -442,12 +440,7 @@ node /org/freedesktop/hostname1 {
</example>
</refsect1>
<refsect1>
<title>See Also</title>
<para>David Zeuthen's original Fedora
<ulink url="https://fedoraproject.org/wiki/Features/BetterHostname">Feature page about xdg-hostname</ulink></para>
</refsect1>
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
<refsect1>
<title>History</title>
@ -462,4 +455,16 @@ node /org/freedesktop/hostname1 {
<varname>VSockCID</varname> were added in version 256.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-hostnamed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member>David Zeuthen's original Fedora
<ulink url="https://fedoraproject.org/wiki/Features/BetterHostname">Feature page about xdg-hostname</ulink></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -453,6 +453,7 @@ node /org/freedesktop/import1/transfer/_1 {
</refsect1>
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
<refsect1>
<title>History</title>
<refsect2>
@ -469,4 +470,13 @@ node /org/freedesktop/import1/transfer/_1 {
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-importd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -185,4 +185,14 @@ $ gdbus introspect --system \
<para>These D-Bus interfaces follow <ulink url="https://0pointer.de/blog/projects/versioning-dbus.html">
the usual interface versioning guidelines</ulink>.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-localed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -1648,4 +1648,13 @@ node /org/freedesktop/login1/session/1 {
<para><function>SetClass()</function> was added in version 256.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>loginctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -719,4 +719,13 @@ $ gdbus introspect --system \
and <varname>SSHPrivateKeyPath</varname> were added in version 256.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -602,4 +602,13 @@ $ gdbus introspect --system \
<para><varname>NamespaceNSID</varname> was added in version 256.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -103,4 +103,14 @@ node /org/freedesktop/oom1 {
<para><function>Killed()</function> was added in version 252.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>oomctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -591,4 +591,13 @@ node /org/freedesktop/portable1 {
<para><function>ReattachWithExtensions()</function> was added in version 254.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-portabled.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>portablectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -935,4 +935,13 @@ $ gdbus introspect --system \
</refsect1>
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>resolvectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -3263,6 +3263,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PrivatePIDs = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@ -4584,6 +4586,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivatePIDs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
@ -4870,6 +4874,11 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2eservice {
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
Unlike boolean <varname>ProtectControlGroups</varname>, <varname>ProtectControlGroupsEx</varname>
is a string type.</para>
<para><varname>PrivatePIDs</varname> implements the destination parameter of the
unit file setting <varname>PrivatePIDs=</varname> listed in
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
Note <varname>PrivatePIDs</varname> is a string type to allow adding more values in the future.</para>
</refsect2>
</refsect1>
@ -5439,6 +5448,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PrivatePIDs = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@ -6744,6 +6755,8 @@ node /org/freedesktop/systemd1/unit/avahi_2ddaemon_2esocket {
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivatePIDs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
@ -7442,6 +7455,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PrivatePIDs = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@ -8585,6 +8600,8 @@ node /org/freedesktop/systemd1/unit/home_2emount {
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivatePIDs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
@ -9412,6 +9429,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly b PrivateIPC = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s PrivatePIDs = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectHome = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly s ProtectSystem = '...';
@ -10527,6 +10546,8 @@ node /org/freedesktop/systemd1/unit/dev_2dsda3_2eswap {
<variablelist class="dbus-property" generated="True" extra-ref="PrivateIPC"/>
<variablelist class="dbus-property" generated="True" extra-ref="PrivatePIDs"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectHome"/>
<variablelist class="dbus-property" generated="True" extra-ref="ProtectSystem"/>
@ -12281,8 +12302,9 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
<varname>ExtraFileDescriptorNames</varname>,
<varname>ManagedOOMMemoryPressureDurationUSec</varname>,
<varname>BindLogSockets</varname>,
<varname>ProtectControlGroupsEx</varname>, and
<varname>PrivateUsersEx</varname> were added in version 257.</para>
<varname>ProtectControlGroupsEx</varname>,
<varname>PrivateUsersEx</varname>, and
<varname>PrivatePIDs</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Socket Unit Objects</title>
@ -12323,8 +12345,9 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
<varname>ImportCredentialEx</varname>,
<varname>BindLogSockets</varname>,
<varname>PrivateUsersEx</varname>,
<varname>ManagedOOMMemoryPressureDurationUSec</varname>, and
<varname>ProtectControlGroupsEx</varname> were added in version 257.</para>
<varname>ManagedOOMMemoryPressureDurationUSec</varname>,
<varname>ProtectControlGroupsEx</varname>, and
<varname>PrivatePIDs</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Mount Unit Objects</title>
@ -12362,8 +12385,9 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
<varname>ImportCredentialEx</varname>,
<varname>BindLogSockets</varname>,
<varname>PrivateUsersEx</varname>,
<varname>ManagedOOMMemoryPressureDurationUSec</varname>, and
<varname>ProtectControlGroupsEx</varname> were added in version 257.</para>
<varname>ManagedOOMMemoryPressureDurationUSec</varname>,
<varname>ProtectControlGroupsEx</varname>, and
<varname>PrivatePIDs</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Swap Unit Objects</title>
@ -12401,8 +12425,9 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
<varname>ImportCredentialEx</varname>,
<varname>BindLogSockets</varname>,
<varname>PrivateUsersEx</varname>,
<varname>ManagedOOMMemoryPressureDurationUSec</varname>, and
<varname>ProtectControlGroupsEx</varname> were added in version 257.</para>
<varname>ManagedOOMMemoryPressureDurationUSec</varname>,
<varname>ProtectControlGroupsEx</varname>, and
<varname>PrivatePIDs</varname> were added in version 257.</para>
</refsect2>
<refsect2>
<title>Slice Unit Objects</title>
@ -12464,4 +12489,13 @@ $ gdbus introspect --system --dest org.freedesktop.systemd1 \
<para><varname>DeferReactivation</varname> was added in version 257.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -582,4 +582,13 @@ node /org/freedesktop/sysupdate1/job/_1 {
<varname>Progress</varname> were added in version 257.</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-sysupdated.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>updatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -194,7 +194,11 @@ $ gdbus introspect --system \
<refsect1>
<title>See Also</title>
<para><ulink url="https://lists.freedesktop.org/archives/systemd-devel/2011-May/002526.html">More information on how the system clock and RTC interact</ulink></para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-timedate.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>timedatectl.service</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><ulink url="https://lists.freedesktop.org/archives/systemd-devel/2011-May/002526.html">More information on how the system clock and RTC interact</ulink></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -153,4 +153,11 @@ $ gdbus introspect --system \
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-timesync.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -91,9 +91,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd-pstore.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -155,6 +155,7 @@ manpages = [
['sd-journal', '3', [], ''],
['sd-json', '3', [], ''],
['sd-login', '3', [], 'HAVE_PAM'],
['sd-varlink', '3', [], ''],
['sd_booted', '3', [], ''],
['sd_bus_add_match',
'3',
@ -1068,6 +1069,7 @@ manpages = [
'ENABLE_RFKILL'],
['systemd-run-generator', '8', [], ''],
['systemd-run', '1', [], ''],
['systemd-sbsign', '1', [], ''],
['systemd-sleep.conf', '5', ['sleep.conf.d'], ''],
['systemd-socket-activate', '1', [], ''],
['systemd-socket-proxyd', '8', [], ''],

View File

@ -179,6 +179,9 @@
<member><citerefentry><refentrytitle>sd_bus_track_new</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
</simplelist>
for more information about the functions available.</para>
<para>The <citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool
makes the functionality implemented by sd-bus available from the command line.</para>
</refsect1>
<xi:include href="libsystemd-pkgconfig.xml" />
@ -189,9 +192,10 @@
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-event</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>busctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-varlink</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>dbus-daemon</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>dbus-send</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -84,7 +84,8 @@
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>,
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-varlink</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

64
man/sd-varlink.xml Normal file
View File

@ -0,0 +1,64 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="sd-varlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>sd-varlink</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>sd-varlink</refentrytitle>
<manvolnum>3</manvolnum>
</refmeta>
<refnamediv>
<refname>sd-varlink</refname>
<refpurpose>APIs for Varlink IPC</refpurpose>
</refnamediv>
<refsynopsisdiv>
<funcsynopsis>
<funcsynopsisinfo>#include &lt;systemd/sd-varlink.h&gt;</funcsynopsisinfo>
</funcsynopsis>
<cmdsynopsis>
<command>pkg-config --cflags --libs libsystemd</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><filename>sd-varlink.h</filename> is part of
<citerefentry><refentrytitle>libsystemd</refentrytitle><manvolnum>3</manvolnum></citerefentry> and
provides APIs for implementing Varlink IPC clients and services. See <ulink url="https://varlink.org/"/>
for more information about Varlink IPC.</para>
<para>Varlink IPC uses <ulink url="https://json.org/">JSON</ulink> as marshalling format. The sd-varlink
API relies on the
<citerefentry><refentrytitle>sd-json</refentrytitle><manvolnum>3</manvolnum></citerefentry> API for JSON
serialization, deserialization and manipulation.</para>
<para>The <citerefentry><refentrytitle>varlinkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> tool
makes the functionality implemented by sd-varlink available from the command line.</para>
</refsect1>
<xi:include href="libsystemd-pkgconfig.xml" />
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-event</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-json</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>varlinkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-bus</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -66,8 +66,8 @@
<constant>POLLIN</constant>, <constant>POLLOUT</constant>, … events, or negative on error.
</para>
<para><function>sd_bus_get_timeout()</function> returns the <emphasis>absolute</emphasis> time-out in μs,
from which the relative time-out to pass to <function>poll()</function> (or a similar call) can be
<para><function>sd_bus_get_timeout()</function> returns the <emphasis>absolute</emphasis> timeout in μs,
from which the relative timeout to pass to <function>poll()</function> (or a similar call) can be
derived, when waiting for events on the specified bus connection. The returned timeout may be zero, in
which case a subsequent I/O polling call should be invoked in non-blocking mode. The returned timeout may
be <constant>UINT64_MAX</constant> in which case the I/O polling call may block indefinitely, without any

View File

@ -40,7 +40,7 @@
<para><function>sd_bus_pending_method_calls()</function> returns the number of currently pending outgoing
method calls, i.e. method calls enqueued with
<citerefentry><refentrytitle>sd_bus_call_async</refentrytitle><manvolnum>3</manvolnum></citerefentry> for
which no reply has been received yet, and which have not reached a time-out yet.</para>
which no reply has been received yet, and which have not reached a timeout yet.</para>
<para>The <parameter>bus</parameter> argument may be <constant>NULL</constant>, in which case zero is
returned.</para>

View File

@ -250,9 +250,10 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-device</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -83,7 +83,7 @@
<citerefentry><refentrytitle>sd_event_add_signal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
…) has the effect of <function>sd_event_exit()</function> being invoked once the event source triggers,
with the specified userdata pointer cast to an integer as the exit code parameter. This is useful to
automatically terminate an event loop after some condition, such as a time-out or reception of
automatically terminate an event loop after some condition, such as a timeout or reception of
<constant>SIGTERM</constant> or similar. See the documentation for the respective constructor call for
details.</para>
</refsect1>

View File

@ -77,9 +77,10 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -226,10 +226,11 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd-path</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-path</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-path</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -75,9 +75,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -241,7 +241,7 @@
<listitem><para>Controls whether to query the system-wide or the per-user password agents. By default
if invoked privileged the system-wide agents are queried, otherwise the per-user ones. These options
allow to override this automatic behaviour.</para>
allow one to override this automatic behaviour.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>

View File

@ -71,9 +71,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -83,9 +83,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -79,9 +79,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -221,6 +221,63 @@
<xi:include href="version-info.xml" xpointer="v208"/>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>luks.link-volume-key=</varname></term>
<term><varname>rd.luks.link-volume-key=</varname></term>
<listitem><para>Specifies a kernel key type and a kernel keyring where
LUKS2 volume keys get linked during the device activation. This option
only supports the automatic flavor where key description of a linked
key is derived from LUKS device uuid upon activation (unlike
<literal>link-vokume-key</literal> parameter of
<option>luks.options</option> where also specific key description
may be added).</para>
<para>If this option is used, all units originating from either
<filename>/etc/crypttab</filename> or kernel command line will get
<literal>link-volume-key</literal> option added among LUKS parameters.
It will eventually replace original parameter specified either
in the file or on the kernel commandl line.</para>
<para>The key type and kernel keyring may be specified like follows (first
matching rule will apply):</para>
<para>The value<literal>auto</literal> will get all volume keys uploaded
in a <literal>user</literal> type keys linked in the user keyring
(<literal>@u</literal>).</para>
<para>The value<literal>auto-logon</literal> will get all volume keys uploaded
in a <literal>logon</literal> type keys linked in the user keyring
(<literal>@u</literal>).</para>
<para>If no <literal>::</literal> substring is specified, the value gets
interpreted as a target keyring description where volume keys
will be linked in <literal>user</literal> type keys. The prefix
<literal>%:</literal> or <literal>%keyring:</literal> may be ommited
from keyring descriptions.</para>
<para>If <literal>::</literal> substring is specified, the substring
in front of <literal>::</literal> gets interpreted as a keyring
description. The remaining string beyond <literal>::</literal> must
represent key type description. The prefix
<literal>%:</literal> or <literal>%keyring:</literal> may be ommited
from keyring descriptions.</para>
<para>See
<citerefentry project='man-pages'><refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for more information on key descriptions (KEY IDENTIFIERS section).</para>
<para>Note that the linked volume keys are not cleaned up automatically when
devices are detached.</para>
<para><varname>rd.luks.link-volume-key=</varname> is honored only by initial
RAM disk (initrd) while <varname>luks.link-volume-key=</varname> is
honored by both the main system and in the initrd.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
</variablelist>
</refsect1>

View File

@ -76,6 +76,7 @@
<member><citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sethostname</refentrytitle><manvolnum>2</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.hostname1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -83,8 +83,9 @@
<refsect1>
<title>See Also</title>
<para><citerefentry>
<refentrytitle>hwdb</refentrytitle><manvolnum>7</manvolnum>
</citerefentry></para>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
<citerefentry><refentrytitle>hwdb</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>

View File

@ -50,6 +50,7 @@
<member><citerefentry><refentrytitle>importctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.import1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -41,9 +41,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -55,6 +55,7 @@
<member><citerefentry><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>localectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry project='mankier'><refentrytitle>loadkeys</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.locale1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -104,6 +104,7 @@
<member><citerefentry><refentrytitle>logind.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>sd-login</refentrytitle><manvolnum>3</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.login1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -135,6 +135,7 @@
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>nss-mymachines</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.machine1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -77,7 +77,7 @@
<option>--osrel=</option>, <option>--cmdline=</option>, <option>--initrd=</option>,
<option>--ucode=</option>, <option>--splash=</option>, <option>--dtb=</option>,
<option>--uname=</option>, <option>--sbat=</option>, <option>--pcrpkey=</option>,
<option>--profile=</option>, see below. Only <option>--linux=</option> is mandatory. (Alternatively,
<option>--profile=</option>, <option>--dtbauto=</option>, <option>--hwids=</option>, see below. Only <option>--linux=</option> is mandatory. (Alternatively,
specify <option>--current</option> to use the current values of PCR register 11 instead.)</para>
<xi:include href="version-info.xml" xpointer="v252"/>
@ -104,6 +104,16 @@
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><command>pcrpkey</command></term>
<listitem><para>This commands prints the public key either given with <option>--public-key=</option>,
or extracted from the certificate given with <option>--certificate=</option> or the private key given
with <option>--private-key=</option>.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
</variablelist>
</refsect1>
@ -125,6 +135,8 @@
<term><option>--sbat=<replaceable>PATH</replaceable></option></term>
<term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term>
<term><option>--profile=<replaceable>PATH</replaceable></option></term>
<term><option>--dtbauto=<replaceable>PATH</replaceable></option></term>
<term><option>--hwids=<replaceable>PATH</replaceable></option></term>
<listitem><para>When used with the <command>calculate</command> or <command>sign</command> verb,
configures the files to read the unified kernel image components from. Each option corresponds with
@ -134,7 +146,7 @@
<xi:include href="version-info.xml" xpointer="v252"/>
<para id="v257">With the exception of <option>--profile=</option>, which has been added in version
<para id="v257">With the exception of <option>--profile=</option>, <option>--dtbauto=</option> and <option>--hwids=</option>, which have been added in version
257.</para></listitem>
</varlistentry>
@ -186,8 +198,9 @@
<varlistentry>
<term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term>
<term><option>--private-key-source=<replaceable>TYPE[:NAME]</replaceable></option></term>
<term><option>--certificate=<replaceable>PATH</replaceable></option></term>
<term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<term><option>--certificate=<replaceable>PATH/URI</replaceable></option></term>
<term><option>--certificate-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<listitem><para>As an alternative to <option>--public-key=</option> for the
<command>sign</command> command, these switches can be used to sign with an hardware token. The
@ -195,6 +208,11 @@
provider, as specified by <option>--private-key-source=</option> as a type:name tuple, such as
engine:pkcs11. The specified OpenSSL signing engine or provider will be used to sign.</para>
<para>The <option>--certificate=</option> option also takes a path or a URI that will be passed to
the OpenSSL provider, as specified by <option>--certificate-source=</option> as a
<literal>type:name</literal> tuple, such as <literal>provider:pkcs11</literal>. Note that unlike
<option>--private-key-source=</option> this option only supports providers and not engines.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
@ -264,13 +282,15 @@
<example>
<title>Generate a unified kernel image, and calculate the expected TPM PCR 11 value</title>
<programlisting>$ ukify --output=vmlinux.efi \
<programlisting>$ ukify build \
--linux=vmlinux \
--initrd=initrd.cpio \
--os-release=@os-release.txt \
--cmdline=@cmdline.txt \
--splash=splash.bmp \
--devicetree=devicetree.dtb \
--measure \
vmlinux initrd.cpio
--output=vmlinux.efi
11:sha1=d775a7b4482450ac77e03ee19bda90bd792d6ec7
11:sha256=bc6170f9ce28eb051ab465cd62be8cf63985276766cf9faf527ffefb66f45651
11:sha384=1cf67dff4757e61e5...7f49ad720be02fd07263e1f93061243aec599d1ee4b4
@ -289,7 +309,7 @@
<programlisting>$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key.pem
..+.+++++++++......+.........+......+.......+....+.....+.+...+..........
$ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
# systemd-measure sign \
$ systemd-measure sign \
--linux=vmlinux \
--osrel=os-release.txt \
--cmdline=cmdline.txt \
@ -301,7 +321,9 @@ $ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
--bank=sha256 \
--private-key=tpm2-pcr-private-key.pem \
--public-key=tpm2-pcr-public-key.pem >tpm2-pcr-signature.json
# ukify --output=vmlinuz.efi \
$ ukify build \
--linux=vmlinux \
--initrd=initrd.cpio \
--os-release=@os-release.txt \
--cmdline=@cmdline.txt \
--splash=splash.bmp \
@ -309,7 +331,7 @@ $ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
--pcr-private-key=tpm2-pcr-private-key.pem \
--pcr-public-key=tpm2-pcr-public-key.pem \
--pcr-banks=sha1,sha256 \
vmlinux initrd.cpio</programlisting>
--output=vmlinuz.efi</programlisting>
<para>Later on, enroll the signed PCR policy on a LUKS volume:</para>
@ -345,7 +367,9 @@ $ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key-initrd.pem
..+.......++........+........+......+........+....+.....+.+..+..........
$ openssl rsa -pubout -in tpm2-pcr-private-key-initrd.pem -out tpm2-pcr-public-key-initrd.pem
# ukify --output vmlinux-1.2.3.efi \
$ ukify build \
--linux=vmlinux-1.2.3 \
--initrd=initrd.cpio \
--os-release=@os-release.txt \
--cmdline=@cmdline.txt \
--splash=splash.bmp \
@ -357,8 +381,8 @@ $ openssl rsa -pubout -in tpm2-pcr-private-key-initrd.pem -out tpm2-pcr-public-k
--pcr-private-key=tpm2-pcr-private-key-initrd.pem \
--pcr-public-key=tpm2-pcr-public-key-initrd.pem \
--phases=enter-initrd \
vmlinux-1.2.3 initrd.cpio \
--uname=1.2.3
--uname=1.2.3 \
--output=vmlinux-1.2.3.efi
+ /usr/lib/systemd/systemd-measure sign --linux=vmlinux-1.2.3 \
--osrel=os-release.txt --cmdline=cmdline.txt --dtb=devicetree.dtb \
--splash=splash.bmp --initrd=initrd.cpio --bank=sha1 --bank=sha256 \

View File

@ -62,9 +62,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-nsresourced.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -63,6 +63,12 @@
<para><command>systemd-networkd</command> may be introspected and controlled at runtime using
<citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para>
<para>See
<citerefentry><refentrytitle>org.freedesktop.network1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a description of the D-Bus API.</para>
</refsect1>
<refsect1><title>Configuration Files</title>
@ -91,6 +97,7 @@
<member><citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-networkd-wait-online.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.network1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -69,13 +69,13 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-mountfsd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-dissect</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-mountfsd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-dissect</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -57,6 +57,12 @@
<para>See <citerefentry><refentrytitle>oomd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for more information about the configuration of this service.</para>
<para>See
<citerefentry><refentrytitle>org.freedesktop.oom1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a description of the D-Bus API.</para>
</refsect1>
<refsect1>
@ -129,6 +135,7 @@
<member><citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>oomd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>oomctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.oom1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -37,6 +37,12 @@
<para>See the <ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> page
for details about the concepts this service implements.</para>
<para>See
<citerefentry><refentrytitle>org.freedesktop.portable1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
and
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for a description of the D-Bus API.</para>
</refsect1>
<refsect1>

View File

@ -44,7 +44,7 @@
<filename>kexec.target</filename> to execute the respective actions.</para>
<para>When these services are run, they ensure that PID 1 is replaced by the
<filename>/usr/lib/systemd/systemd-shutdown</filename> tool which is then responsible for the actual
<filename>/usr/lib/systemd/systemd-shutdown</filename> binary which is then responsible for the actual
shutdown. Before shutting down, this binary will try to unmount all remaining file systems (or at least
remount them read-only), disable all remaining swap devices, detach all remaining storage devices and
kill all remaining processes.</para>
@ -58,12 +58,12 @@
<filename>/usr/lib/systemd/system-shutdown/</filename> and pass one arguments to them: either
<literal>poweroff</literal>, <literal>halt</literal>, <literal>reboot</literal>, or
<literal>kexec</literal>, depending on the chosen action. All executables in this directory are executed
in parallel, and execution of the action is not continued before all executables finished. Note that
these executables are run <emphasis>after</emphasis> all services have been shut down, and after most
mounts have been unmounted (the root file system as well as <filename>/run/</filename> and various API
file systems are still around though). This means any programs dropped into this directory must be
prepared to run in such a limited execution environment and not rely on external services or hierarchies
such as <filename>/var/</filename> to be around (or writable).</para>
in parallel, and execution of the action is not continued before all executables finished. (A safety
timeout of 90s is applied however.) Note that these executables are run <emphasis>after</emphasis> all
services have been shut down, and after most mounts have been unmounted (the root file system as well as
<filename>/run/</filename> and various API file systems are still around though). This means any programs
dropped into this directory must be prepared to run in such a limited execution environment and not rely
on external services or hierarchies such as <filename>/var/</filename> to be around (or writable).</para>
<para>Note that <filename>systemd-poweroff.service</filename> (and the related units) should never be
executed directly. Instead, trigger system shutdown with a command such as <literal>systemctl

View File

@ -107,8 +107,8 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>pstore.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>pstore.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -348,9 +348,9 @@
<varlistentry>
<term><option>--private-key=</option></term>
<listitem><para>Takes a file system path. Configures the signing key to use when creating verity
signature partitions with the <varname>Verity=signature</varname> setting in partition files.
</para>
<listitem><para>Takes a file system path or an engine or provider specific designation. Configures
the signing key to use when creating verity signature partitions with the
<varname>Verity=signature</varname> setting in partition files.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
@ -361,7 +361,7 @@
<listitem><para>Takes one of <literal>file</literal>, <literal>engine</literal> or
<literal>provider</literal>. In the latter two cases, it is followed by the name of a provider or
engine, separated by colon, that will be passed to OpenSSL's "engine" or "provider" logic.
Configures the signing mechanism to use when creating verity signature partitions with the
Configures how to load the private key to use when creating verity signature partitions with the
<varname>Verity=signature</varname> setting in partition files.</para>
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
@ -370,13 +370,24 @@
<varlistentry>
<term><option>--certificate=</option></term>
<listitem><para>Takes a file system path. Configures the PEM encoded X.509 certificate to use when
creating verity signature partitions with the <varname>Verity=signature</varname> setting in
partition files.</para>
<listitem><para>Takes a file system path or a provider specific designation. Configures the PEM
encoded X.509 certificate to use when creating verity signature partitions with the
<varname>Verity=signature</varname> setting in partition files.</para>
<xi:include href="version-info.xml" xpointer="v252"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--certificate-source=</option></term>
<listitem><para>Takes one of <literal>file</literal>, or <literal>provider</literal>. In the latter
case, it is followed by the name of a provider, separated by colon, that will be passed to OpenSSL's
"provider" logic. Configures how to load the X.509 certificate to use when creating verity signature
partitions with the <varname>Verity=signature</varname> setting in partition files.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--tpm2-device=</option></term>
<term><option>--tpm2-pcrs=</option></term>

View File

@ -516,6 +516,7 @@ search foobar.com barbar.com
<member><citerefentry project='man-pages'><refentrytitle>hosts</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.resolve1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -60,9 +60,9 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

116
man/systemd-sbsign.xml Normal file
View File

@ -0,0 +1,116 @@
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-sbsign"
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-sbsign</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-sbsign</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-sbsign</refname>
<refpurpose>Sign PE binaries for EFI Secure Boot</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>systemd-sbsign</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="req">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>systemd-sbsign</command> can be used to sign PE binaries for EFI Secure Boot.</para>
</refsect1>
<refsect1>
<title>Commands</title>
<variablelist>
<varlistentry>
<term><option>sign</option></term>
<listitem><para>Signs the given PE binary for EFI Secure Boot. Takes a path to a PE binary as its
argument. If the PE binary already has a certificate table, the new signature will be added to it.
Otherwise a new certificate table will be created. The signed PE binary will be written to the path
specified with <option>--output=</option>.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
<varlistentry>
<term><option>validate-key</option></term>
<listitem><para>Checks that we can load the private key specified with
<option>--private-key=</option>. </para>
<para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this
command can be used to cache the PIN in the kernel keyring. The
<varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and
<varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control
how long and in which kernel keyring the PIN is cached.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Options</title>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--output=<replaceable>PATH</replaceable></option></term>
<listitem><para>Specifies the path where to write the signed PE binary.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term>
<term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<term><option>--certificate=<replaceable>PATH</replaceable></option></term>
<term><option>--certificate-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term>
<listitem><para>Set the Secure Boot private key and certificate for use with the
<command>sign</command>. The <option>--certificate=</option> option takes a path to a PEM encoded
X.509 certificate or a URI that's passed to the OpenSSL provider configured with
<option>--certificate-source</option>. The <option>--certificate-source</option> takes one of
<literal>file</literal> or <literal>provider</literal>, with the latter being followed by a specific
provider identifier, separated with a colon, e.g. <literal>provider:pkcs11</literal>. The
<option>--private-key=</option> option can take a path or a URI that will be passed to the OpenSSL
engine or provider, as specified by <option>--private-key-source=</option> as a
<literal>type:name</literal> tuple, such as <literal>engine:pkcs11</literal>. The specified OpenSSL
signing engine or provider will be used to sign the PE binary.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager"/>
<xi:include href="standard-options.xml" xpointer="help"/>
<xi:include href="standard-options.xml" xpointer="version"/>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -59,44 +59,66 @@
<!-- Let's keep this in the canonical order we also measure the sections by, i.e. as in
src/fundamental/uki.h's UnifiedSection enum -->
<listitem><para>A <literal>.linux</literal> section with the ELF Linux kernel
image. (Required)</para></listitem>
<listitem><para>A <literal>.linux</literal> section with the ELF Linux kernel image.
This section is required.</para></listitem>
<listitem><para>An <literal>.osrel</literal> section with OS release information, i.e. the contents of
the <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file
of the OS the kernel belongs to.</para></listitem>
<listitem><para>An optional <literal>.osrel</literal> section with OS release information, i.e. the
contents of the
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> file of
the OS the kernel belongs to.</para></listitem>
<listitem><para>A <literal>.cmdline</literal> section with the kernel command line to pass to the
invoked kernel.</para></listitem>
<listitem><para>An optional <literal>.cmdline</literal> section with the kernel command line to pass to
the invoked kernel.</para></listitem>
<listitem><para>An <literal>.initrd</literal> section with the initrd.</para></listitem>
<listitem><para>An optional <literal>.initrd</literal> section with the initrd.</para></listitem>
<listitem><para>A <literal>.ucode</literal> section with an initrd containing microcode, to be handed
to the kernel before any other initrd. This initrd must not be compressed.</para></listitem>
<listitem><para>An optional <literal>.ucode</literal> section with an initrd containing microcode, to
be handed to the kernel before any other initrd. This initrd must not be compressed.</para></listitem>
<listitem><para>A <literal>.splash</literal> section with an image (in the Windows
<listitem><para>An optional <literal>.splash</literal> section with an image (in the Windows
<filename>.BMP</filename> format) to show on screen before invoking the kernel.</para></listitem>
<listitem><para>A <literal>.dtb</literal> section with a compiled binary DeviceTree.</para></listitem>
<listitem><para>An optional <literal>.dtb</literal> section with a compiled binary DeviceTree.
</para></listitem>
<listitem><para>A <literal>.uname</literal> section with the kernel version information, i.e. the
output of <command>uname -r</command> for the kernel included in the <literal>.linux</literal>
<listitem><para>Zero or more <literal>.dtbauto</literal> sections. <filename>systemd-stub</filename>
will always use the first matching one. The match is performed by taking the first DeviceTree's
<varname>compatible</varname> string supplied by the firmware in configuration tables and comparing it
with the first <varname>compatible</varname> string from each of the <literal>.dtbauto</literal>
sections. If the firmware does not provide a DeviceTree, the match is done using the
<varname>.hwids</varname> section instead. After selecting a <literal>.hwids</literal> section (see the
description below), the <varname>compatible</varname> string from that section will be used to perform
the same matching procedure. If a match is found, that <literal>.dtbauto</literal> section will be
loaded and will override <varname>.dtb</varname> if present.</para></listitem>
<listitem><para>Zero or more <literal>.hwids</literal> sections with hardware IDs of the machines to
match DeviceTrees. <filename>systemd-stub</filename> will use the SMBIOS data to calculate hardware IDs
of the machine (as per <ulink
url="https://learn.microsoft.com/en-us/windows-hardware/drivers/install/specifying-hardware-ids-for-a-computer">specification</ulink>),
and then it will try to find any of them in each of the <literal>.hwids</literal> sections. The first
matching section will be used.</para></listitem>
<listitem><para>An optional <literal>.uname</literal> section with the kernel version information, i.e.
the output of <command>uname -r</command> for the kernel included in the <literal>.linux</literal>
section.</para></listitem>
<listitem><para>An <literal>.sbat</literal> section with
<ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">SBAT</ulink> revocation
metadata.</para></listitem>
<listitem><para>An optional <literal>.sbat</literal> section with
<ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">SBAT</ulink> revocation metadata.
</para></listitem>
<listitem><para>A <literal>.pcrsig</literal> section with a set of cryptographic signatures for the
expected TPM2 PCR values after the kernel has been booted, in JSON format. This is useful for
<listitem><para>An optional <literal>.pcrsig</literal> section with a set of cryptographic signatures
for the expected TPM2 PCR values after the kernel has been booted, in JSON format. This is useful for
implementing TPM2 policies that bind disk encryption and similar to kernels that are signed by a
specific key.</para></listitem>
<listitem><para>A <literal>.pcrpkey</literal> section with a public key in the PEM format matching the
signature data in the <literal>.pcrsig</literal> section.</para></listitem>
<listitem><para>An optional <literal>.pcrpkey</literal> section with a public key in the PEM format
matching the signature data in the <literal>.pcrsig</literal> section.</para></listitem>
</itemizedlist>
<para>In a basic UKI, the sections listed above appear at most once. In a multi-profile UKI,
<!-- FIXME: how does .dtauto/.hwids matching interact with profiles? -->
<para>In a basic UKI, the sections listed above appear at most once, with the exception of
<literal>.dtbauto</literal> and <literal>.hwids</literal> sections. In a multi-profile UKI,
multiple sets of these sections are present in a single file and form "profiles",
one of which can be selected at boot. For this, the PE section <literal>.profile</literal> is
defined to be used as the separator between sets of sections. The
@ -192,7 +214,7 @@
<listitem><para>Similarly, files
<filename><replaceable>foo</replaceable>.efi.extra.d/*.addon.efi</filename> are loaded and verified as
PE binaries and specific sections are loaded from them. Addons are used to pass additional kernel
command line parameters (<literal>.cmdline</literal> section), or Devicetree blobs
command line parameters (<literal>.cmdline</literal> section), or DeviceTree blobs
(<literal>.dtb</literal> section), additional initrds (<literal>.initrd</literal> section),
and microcode updates (<literal>.ucode</literal> section). Addons allow those resources to be passed
regardless of the kernel version being booted, for example allowing platform vendors to ship

View File

@ -45,11 +45,12 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry>
<citerefentry><refentrytitle>updatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>updatectl</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.sysupdate1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -99,6 +99,7 @@ systemd-timesyncd.service
<member><citerefentry><refentrytitle>localtime</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>hwclock</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-timesyncd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.timedate1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>

View File

@ -75,8 +75,8 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -893,8 +893,6 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
<refsect1>
<title>Mandatory Access Control</title>
<xi:include href="system-only.xml" xpointer="plural"/>
<variablelist class='unit-directives'>
<varlistentry>
@ -921,6 +919,8 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
prefixed by <literal>-</literal>, all errors will be ignored. This setting has no effect if AppArmor
is not enabled. This setting does not affect commands prefixed with <literal>+</literal>.</para>
<xi:include href="system-only.xml" xpointer="singular"/>
<xi:include href="version-info.xml" xpointer="v210"/>
</listitem>
</varlistentry>
@ -939,6 +939,8 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
value may be specified to unset previous assignments. This does not affect commands prefixed with
<literal>+</literal>.</para>
<xi:include href="system-only.xml" xpointer="singular"/>
<xi:include href="version-info.xml" xpointer="v218"/></listitem>
</varlistentry>
@ -1431,6 +1433,10 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
set. This setting cannot ensure protection in all cases. In general it has the same limitations as
<varname>ReadOnlyPaths=</varname>, see below. Defaults to off.</para>
<para>Note that if <varname>ProtectSystem=</varname> is set to <literal>strict</literal> and
<varname>PrivateTmp=</varname> is enabled, then <filename>/tmp/</filename> and
<filename>/var/tmp/</filename> will be writable.</para>
<xi:include href="version-info.xml" xpointer="v214"/></listitem>
</varlistentry>
@ -1976,6 +1982,30 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>PrivatePIDs=</varname></term>
<listitem><para>Takes a boolean argument. Defaults to false. If enabled, sets up a new PID namespace
for the executed processes. Each executed process is now PID 1 - the init process - in the new namespace.
<filename>/proc/</filename> is mounted such that only processes in the PID namespace are visible.
If <varname>PrivatePIDs=</varname> is set, <varname>MountAPIVFS=yes</varname> is implied.</para>
<para><varname>PrivatePIDs=</varname> is only supported for service units. This setting is not supported
with <varname>Type=forking</varname> since the kernel will kill all processes in the PID namespace if
the init process terminates.</para>
<para>This setting will be ignored if the kernel does not support PID namespaces.</para>
<para>Note unprivileged user services (i.e. a service run by the per-user instance of the service manager)
will fail with <varname>PrivatePIDs=yes</varname> if <filename>/proc/</filename> is masked
(i.e. <filename>/proc/kmsg</filename> is over-mounted with <constant>tmpfs</constant> like
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry> does).
This is due to a kernel restriction not allowing unprivileged user namespaces to mount a less restrictive
instance of <filename>/proc/</filename>.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>PrivateUsers=</varname></term>

View File

@ -123,7 +123,7 @@
<row>
<entry><replaceable>prefix</replaceable><constant>d</constant><replaceable>number</replaceable></entry>
<entry>Devicetree alias index</entry>
<entry>DeviceTree alias index</entry>
</row>
</tbody>

View File

@ -1004,6 +1004,27 @@ DuplicateAddressDetection=none</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>MulticastIGMPVersion=</varname></term>
<listitem>
<para>Configures IPv4 Multicast IGMP Version to be used, and controls the value of
<filename>/proc/sys/net/ipv4/conf/<replaceable>INTERFACE</replaceable>/force_igmp_version</filename>.
Takes one of <literal>no</literal>,
<literal>v1</literal>, <literal>v2</literal>, or <literal>v3</literal>.
When <literal>no</literal>, no enforcement of an IGMP version will be applied, IGMPv1/v2 fallback are allowed, will back to
IGMPv3 mode again if all IGMPv1/v2 Querier Present timer expire.
When <literal>v1</literal>, use of IGMP version 1 will be enforced, and IGMPv1 report will be replied even if IGMPv2/v3
queries are received.
When <literal>v2</literal>, use of IGMP version 2 will be enforced, and IGMPv2 report will be replied if an IGMPv2/v3 query
is received, but fallback to IGMPv1 if an IGMPv1 query is received.
When <literal>v3</literal>, use of IGMP version 3 will be enforced, and the same reaction will be done as <literal>no</literal>.
Defaults to unset, and the sysctl value will be unchanged.
</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>IPv4AcceptLocal=</varname></term>
<listitem>

View File

@ -153,11 +153,14 @@
not apply to <varname>PathChanged=</varname> and
<varname>PathModified=</varname>.</para>
<para>If the path itself or any of the containing directories
are not accessible, <command>systemd</command> will watch for
permission changes and notice that conditions are satisfied
when permissions allow that. </para></listitem>
<para>If the path itself or any of the containing directories are not accessible,
<command>systemd</command> will watch for permission changes and notice that conditions are satisfied
when permissions allow that. </para>
<para>Note that files whose name starts with a dot (i.e. hidden files) are generally ignored when
monitoring these paths.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Unit=</varname></term>

View File

@ -551,11 +551,11 @@
<varname>ExecStop=</varname> commands specified with this setting are invoked when a service failed to start
up correctly and is shut down again.</para>
<para>It is recommended to use this setting for clean-up operations that shall be executed even when the
service failed to start up correctly. Commands configured with this setting need to be able to operate even if
the service failed starting up half-way and left incompletely initialized data around. As the service's
processes have been terminated already when the commands specified with this setting are executed they should
not attempt to communicate with them.</para>
<para>It is recommended to use this setting for clean-up operations that shall be executed even when
the service failed to start up correctly. Commands configured with this setting need to be able to
operate even if the service failed starting up half-way and left incompletely initialized data
around. As the service's processes have likely exited already when the commands specified with this
setting are executed they should not attempt to communicate with them.</para>
<para>Note that all commands that are configured with this setting are invoked with the result code of the
service, as well as the main process' exit code and status, set in the <varname>$SERVICE_RESULT</varname>,

View File

@ -224,9 +224,10 @@ KeyThree=value 3\
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -1590,6 +1590,7 @@
<member><citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
</simplelist></para>
<para>For more information about the concepts and

View File

@ -82,9 +82,10 @@
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
</para>
<para><simplelist type="inline">
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
<member><citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
</simplelist></para>
</refsect1>
</refentry>

View File

@ -100,10 +100,12 @@
the n-th boot phase path set will be signed by the n-th key. This can be used to build different trust
policies for different phases of the boot. In the config file, <varname>PCRPrivateKey=</varname>,
<varname>PCRPublicKey=</varname>, and <varname>Phases=</varname> are grouped into separate sections,
describing separate boot phases. If <varname>SigningEngine=</varname>/<option>--signing-engine=</option>
is specified, then the private keys arguments will be passed verbatim to OpenSSL as URIs, and the public
key arguments will be loaded as X.509 certificates, so that signing can be performed with an OpenSSL
engine.</para>
describing separate boot phases. If one of
<varname>SigningEngine=</varname>/<option>--signing-engine=</option> or
<varname>SigningProvider=</varname>/<option>--signing-provider=</option> is specified, then the private
key arguments will be passed verbatim to OpenSSL as URIs, and the public key arguments will be loaded
as X.509 certificates, so that signing can be performed with an OpenSSL engine or provider
respectively.</para>
<para>If a SecureBoot signing key is provided via the
<varname>SecureBootPrivateKey=</varname>/<option>--secureboot-private-key=</option> option, the resulting
@ -440,9 +442,9 @@
<term><varname>SecureBootSigningTool=<replaceable>SIGNER</replaceable></varname></term>
<term><option>--signtool=<replaceable>SIGNER</replaceable></option></term>
<listitem><para>Whether to use <literal>sbsign</literal> or <literal>pesign</literal>.
Depending on this choice, different parameters are required in order to sign an image.
Defaults to <literal>sbsign</literal>.</para>
<listitem><para>Whether to use <literal>sbsign</literal>, <literal>pesign</literal>, or
<literal>systemd-sbsign</literal>. Depending on this choice, different parameters are required in
order to sign an image. Defaults to <literal>sbsign</literal>.</para>
<xi:include href="version-info.xml" xpointer="v254"/></listitem>
</varlistentry>
@ -452,8 +454,9 @@
<term><option>--secureboot-private-key=<replaceable>SB_KEY</replaceable></option></term>
<listitem><para>A path to a private key to use for signing of the resulting binary. If the
<varname>SigningEngine=</varname>/<option>--signing-engine=</option> option is used, this may also be
an engine-specific designation. This option is required by
<varname>SigningEngine=</varname>/<option>--signing-engine=</option> or
<varname>SigningProvider=</varname>/<option>--signing-provider=</option> option is used, this may
also be an engine or provider specific designation. This option is required by
<varname>SecureBootSigningTool=sbsign</varname>/<option>--signtool=sbsign</option>. </para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
@ -464,8 +467,9 @@
<term><option>--secureboot-certificate=<replaceable>SB_CERT</replaceable></option></term>
<listitem><para>A path to a certificate to use for signing of the resulting binary. If the
<varname>SigningEngine=</varname>/<option>--signing-engine=</option> option is used, this may also
be an engine-specific designation. This option is required by
<varname>SigningEngine=</varname>/<option>--signing-engine=</option> or
<varname>SigningProvider=</varname>/<option>--signing-provider=</option> option is used, this may
also be an engine or provider specific designation. This option is required by
<varname>SecureBootSigningTool=sbsign</varname>/<option>--signtool=sbsign</option>. </para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
@ -506,14 +510,34 @@
<term><varname>SigningEngine=<replaceable>ENGINE</replaceable></varname></term>
<term><option>--signing-engine=<replaceable>ENGINE</replaceable></option></term>
<listitem><para>An "engine" for signing of the resulting binary. This option is currently passed
verbatim to the <option>--engine=</option> option of
<citerefentry project='archlinux'><refentrytitle>sbsign</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
<listitem><para>An OpenSSL engine to be used for signing the resulting binary and PCR measurements.
</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>SigningProvider=<replaceable>PROVIDER</replaceable></varname></term>
<term><option>--signing-provider=<replaceable>PROVIDER</replaceable></option></term>
<listitem><para>An OpenSSL provider to be used for signing the resulting binary and PCR
measurements. This option can only be used when using <command>systemd-sbsign</command> as the
signing tool.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>CertificateProvider=<replaceable>PROVIDER</replaceable></varname></term>
<term><option>--certificate-provider=<replaceable>PROVIDER</replaceable></option></term>
<listitem><para>An OpenSSL provider to be used for loading the certificate used to sign the
resulting binary and PCR measurements. This option can only be used when using
<command>systemd-sbsign</command> as the signing tool.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>SignKernel=<replaceable>BOOL</replaceable></varname></term>
<term><option>--sign-kernel</option></term>

View File

@ -202,19 +202,19 @@
<listitem><para>When used with <command>call</command>: expect multiple method replies. If this flag
is set the method call is sent with the <constant>more</constant> flag set, which tells the service
to generate multiple replies, if needed. The command remains running until the service sends a reply
message that indicates it is the last in the series (or if the configured time-out is reached, see
message that indicates it is the last in the series (or if the configured timeout is reached, see
below). This flag should be set only for method calls that support this mechanism.</para>
<para>If this mode is enabled output is automatically switched to JSON-SEQ mode, so that individual
reply objects can be easily discerned.</para>
<para>This switch has no effect on the method call time-out applied by default: regardless if
<option>--more</option> is specified or not, the default time-out will be 45s. Use
<option>--timeout=</option> (see below) to change or disable the time-out. When invoking a method
call that continuously returns updates it is typically desirable to disable the time-out with
<para>This switch has no effect on the method call timeout applied by default: regardless if
<option>--more</option> is specified or not, the default timeout will be 45s. Use
<option>--timeout=</option> (see below) to change or disable the timeout. When invoking a method
call that continuously returns updates it is typically desirable to disable the timeout with
<option>--timeout=infinity</option>. On the other hand, when invoking a <option>--more</option>
method call for the purpose of enumerating objects (which likely will complete quickly) it is
typically beneficial to leave the time-out logic enabled, for robustness reasons.</para>
typically beneficial to leave the timeout logic enabled, for robustness reasons.</para>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
@ -300,8 +300,8 @@
<term><option>--timeout=</option></term>
<listitem>
<para>Expects a time-out in seconds as parameter. By default a time-out of 45s is enforced. To turn
off the time-out specify <literal>infinity</literal> or an empty string.</para>
<para>Expects a timeout in seconds as parameter. By default a timeout of 45s is enforced. To turn
off the timeout specify <literal>infinity</literal> or an empty string.</para>
<xi:include href="version-info.xml" xpointer="v257"/>
</listitem>

View File

@ -20,8 +20,8 @@ else
project_minor_version = '0'
endif
libsystemd_version = '0.39.0'
libudev_version = '1.7.9'
libsystemd_version = '0.40.0'
libudev_version = '1.7.10'
conf = configuration_data()
conf.set_quoted('PROJECT_URL', 'https://systemd.io/')
@ -2344,8 +2344,9 @@ subdir('src/ask-password')
subdir('src/backlight')
subdir('src/battery-check')
subdir('src/binfmt')
subdir('src/bless-boot')
subdir('src/boot')
subdir('src/boot/efi')
subdir('src/bootctl')
subdir('src/busctl')
subdir('src/cgls')
subdir('src/cgroups-agent')
@ -2380,6 +2381,7 @@ subdir('src/locale')
subdir('src/login')
subdir('src/machine')
subdir('src/machine-id-setup')
subdir('src/measure')
subdir('src/mountfsd')
subdir('src/modules-load')
subdir('src/mount')
@ -2408,6 +2410,7 @@ subdir('src/rfkill')
subdir('src/rpm')
subdir('src/run')
subdir('src/run-generator')
subdir('src/sbsign')
subdir('src/shutdown')
subdir('src/sleep')
subdir('src/socket-activate')

View File

@ -1 +1 @@
257~devel
257~rc1

View File

@ -2,7 +2,9 @@
[Build]
ToolsTreePackages=
meson
gcc
gperf
meson
mypy
pkgconf
ruff

View File

@ -9,5 +9,6 @@ ToolsTreePackages=
libcap
libmicrohttpd
python-jinja
python-pytest
tpm2-tss
util-linux-libs

View File

@ -15,3 +15,4 @@ ToolsTreePackages=
pkgconfig(mount)
tss2-devel
python3-jinja2
python3-pytest

View File

@ -15,3 +15,4 @@ ToolsTreePackages=
libmount-dev
libtss2-dev
python3-jinja2
python3-pytest

View File

@ -14,3 +14,4 @@ ToolsTreePackages=
pkgconfig(mount)
tss2-devel
python3-jinja2
python3-pytest

View File

@ -9,7 +9,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2023-05-13 19:20+0000\n"
"Last-Translator: Maksim Kliazovich <maxklezovich@gmail.com>\n"
"Language-Team: Belarusian <https://translate.fedoraproject.org/projects/"
@ -116,28 +116,38 @@ msgid "Authentication is required to update a user's home area."
msgstr "Для абнаўлення хатняй прасторы патрабуецца аўтэнтыфікацыя."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Абнавіць хатнюю прастору"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Для абнаўлення хатняй прасторы патрабуецца аўтэнтыфікацыя."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Змяніць памер хатняй прасторы"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr "Для змены памеру хатняй прасторы патрабуецца аўтэнтыфікацыя."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Змяніць пароль для хатняй прасторы"
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr "Для змены пароля для хатняй прасторы патрабуецца аўтэнтыфікацыя."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "Стварыць хатнюю прастору"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Для стварэння хатняй прасторы патрабуецца аўтэнтыфікацыя."
@ -1185,6 +1195,17 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Для наладкі сістэмнага часу патрабуецца аўтэнтыфікацыя."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Для кіравання актыўнымі сеансамі, карыстальнікамі і працоўнымі месцамі "
"патрабуецца аўтэнтыфікацыя."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Наладзіць сістэмны час"
@ -1223,23 +1244,23 @@ msgstr ""
"Для ўключэння або выключэння сінхранізацыі часу па сетцы патрабуецца "
"аўтэнтыфікацыя."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Для запуску \"$(unit)\" патрабуецца аўтэнтыфікацыя."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Для спынення \"$(unit)\" патрабуецца аўтэнтыфікацыя."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Для перачытання стану \"$(unit)\" патрабуецца аўтэнтыфікацыя."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Для перазапуску \"$(unit)\" патрабуецца аўтэнтыфікацыя."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
@ -1247,17 +1268,17 @@ msgstr ""
"Для адпраўкі сігналу UNIX працэсам адзінкі \"$(unit)\" патрабуецца "
"аўтэнтыфікацыя."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Для таго, каб скінуць стан \"failed\" у \"$(unit)\", патрабуецца "
"аўтэнтыфікацыя."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Для змены ўласцівасцей \"$(unit)\" патрабуецца аўтэнтыфікацыя."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
@ -1265,7 +1286,7 @@ msgstr ""
"Для выдалення файлаў і каталогаў, якія звязаныя з \"$(unit)\", патрабуецца "
"аўтэнтыфікацыя."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

View File

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2016-06-09 19:50+0300\n"
"Last-Translator: Viktar Vaŭčkievič <victorenator@gmail.com>\n"
"Language-Team: \n"
@ -119,20 +119,30 @@ msgstr ""
"Nieabchodna aŭtentyfikacyja dlia dalučennia prylad da pracoŭnych miescaŭ."
#: src/home/org.freedesktop.home1.policy:53
msgid "Resize a home area"
msgid "Update your home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia dalučennia prylad da pracoŭnych miescaŭ."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:64
#, fuzzy
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia ŭstaliavannia ŭsieahuĺnaha paviedamliennia"
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
#, fuzzy
msgid ""
"Authentication is required to change the password of a user's home area."
@ -140,11 +150,11 @@ msgstr ""
"Nieabchodna aŭtentyfikacyja dlia kiravannia aktyŭnymi siesijami, "
"karystaĺnikami i miescami."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
msgid "Activate a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Nieabchodna aŭtentyfikacyja dlia pieračytannia stanu systemd."
@ -1231,6 +1241,17 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Nieabchodna aŭtentyfikacyja dlia ŭstaliavannia sistemnaha času."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia kiravannia aktyŭnymi siesijami, "
"karystaĺnikami i miescami."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Ustaliavać sistemny čas"
@ -1272,23 +1293,23 @@ msgstr ""
"Nieabchodna aŭtentyfikacyja dlia ŭkliučennia abo vykliučennia sinchranizacyi "
"času pa sietcy."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Nieabchodna aŭtentyfikacyja dlia zapusku '$(unit)'."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Nieabchodna aŭtentyfikacyja dlia spyniennia '$(unit)'."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Nieabchodna aŭtentyfikacyja dlia pieračytannia stanu '$(unit)'."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Nieabchodna aŭtentyfikacyja dlia pierazapusku '$(unit)'."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
#, fuzzy
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
@ -1296,17 +1317,17 @@ msgid ""
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia ŭstaliavannia ŭlascivasciej '$(unit)'."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia anuliavannia pamylkovaha stanu '$(unit)'."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia ŭstaliavannia ŭlascivasciej '$(unit)'."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
#, fuzzy
msgid ""
"Authentication is required to delete files and directories associated with "
@ -1314,7 +1335,7 @@ msgid ""
msgstr ""
"Nieabchodna aŭtentyfikacyja dlia anuliavannia pamylkovaha stanu '$(unit)'."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
#, fuzzy
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."

View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: systemd master\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2023-03-17 15:20+0000\n"
"Last-Translator: Velislav Ivanov <velislav.bg@gmail.com>\n"
"Language-Team: Bulgarian <https://translate.fedoraproject.org/projects/"
@ -116,29 +116,39 @@ msgid "Authentication is required to update a user's home area."
msgstr "За обновяване на място за потребител е необходима идентификация."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Обновяване на място за потребител"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "За обновяване на място за потребител е необходима идентификация."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Преоразмеряване на място за потребител"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr "За преоразмеряване на място за потребител е необходима идентификация."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Промяна на парола на място за потребител"
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"За промяна на парола на място за потребител е необходима идентификация."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "Създаване на място за потребител"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "За създаване на място за потребител е необходима идентификация."
@ -1207,6 +1217,17 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "За задаване на времето на системата е необходима идентификация."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"За управление на работещите сесии, потребители и работни места е необходима "
"идентификация."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Задаване на времето на системата"
@ -1247,23 +1268,23 @@ msgstr ""
"За превключване на синхронизацията на времето по мрежата е необходима "
"идентификация."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "За стартиране на „$(unit)“ е необходима идентификация."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "За спиране на „$(unit)“ е необходима идентификация."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "За презареждане на „$(unit)“ е необходима идентификация."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "За рестартиране на „$(unit)“ е необходима идентификация."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
@ -1271,17 +1292,17 @@ msgstr ""
"За изпращането на сигнал на UNIX на процесите на „$(unit)“ е необходима "
"идентификация."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"За премахване на състоянието за неуспех на „$(unit)“ е необходима "
"идентификация."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "За задаване на свойствата на „$(unit)“ е необходима идентификация."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
@ -1289,7 +1310,7 @@ msgstr ""
"За изтриването на файловете и директориите на „$(unit)“ е необходима "
"идентификация."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

View File

@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2018-02-27 04:18-0500\n"
"Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
"Language-Team: Català <ubuntu-l10n-ca@lists.ubuntu.com>\n"
@ -120,31 +120,41 @@ msgstr ""
"Es requereix autenticació per annexar un dispositiu a un lloc de treball."
#: src/home/org.freedesktop.home1.policy:53
msgid "Resize a home area"
msgid "Update your home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to resize a user's home area."
msgstr "Es requereix autenticació per establir un missatge de mur"
msgid "Authentication is required to update your home area."
msgstr ""
"Es requereix autenticació per annexar un dispositiu a un lloc de treball."
#: src/home/org.freedesktop.home1.policy:63
msgid "Change password of a home area"
msgid "Resize a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:64
#, fuzzy
msgid "Authentication is required to resize a user's home area."
msgstr "Es requereix autenticació per establir un missatge de mur"
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:74
#, fuzzy
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"Es requereix autenticació per gestionar les sessions, usuaris i llocs de "
"treball actius."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
msgid "Activate a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Es requereix autenticació per tornar a carregar l'estat de systemd."
@ -1236,6 +1246,17 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Es requereix autenticació per establir l'hora del sistema."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Es requereix autenticació per gestionar les sessions, usuaris i llocs de "
"treball actius."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Estableix l'hora del sistema"
@ -1276,45 +1297,45 @@ msgstr ""
"Es requereix autenticació per controlar si s'ha d'activar la sincronització "
"de l'hora de xarxa."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Es requereix autenticació per iniciar «$(unit)»."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Es requereix autenticació per aturar «$(unit)»."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Es requereix autenticació per tornar a carregar «$(unit)»."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Es requereix autenticació per reiniciar «$(unit)»."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
#, fuzzy
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr "Es requereix autenticació per establir les propietats a «$(unit)»."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr "Es requereix autenticació per restablir l'estat «failed» de «$(unit)»."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Es requereix autenticació per establir les propietats a «$(unit)»."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
#, fuzzy
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
msgstr "Es requereix autenticació per restablir l'estat «failed» de «$(unit)»."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
#, fuzzy
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."

View File

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-10-28 15:47+0000\n"
"Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n"
"Language-Team: Czech <https://translate.fedoraproject.org/projects/systemd/"
@ -114,28 +114,38 @@ msgid "Authentication is required to update a user's home area."
msgstr "Pro aktualizaci domovského adresáře uživatele je vyžadováno ověření."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Aktualizovat domovský adresář"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Pro aktualizaci domovského adresáře uživatele je vyžadováno ověření."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Změnit velikost domovského adresáře"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Pro změnu velikosti domovského adresáře uživatele je vyžadováno ověření."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Změnit heslo domovského adresáře"
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr "Pro změnu hesla domovského adresáře uživatele je vyžadováno ověření."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
msgid "Activate a home area"
msgstr "Aktivovat domovskou složku"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Pro vytvoření domovského adresáře uživatele je vyžadováno ověření."
@ -1171,6 +1181,16 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Pro nastavení systémového času je vyžadováno ověření."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Pro správu aktivních sezení, uživatelů a stanovišť je vyžadováno ověření."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Nastavit systémový čas"
@ -1209,37 +1229,37 @@ msgid ""
"shall be enabled."
msgstr "Pro kontrolu synchronizace času ze sítě je vyžadováno ověření."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Pro spuštění „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Pro vypnutí „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Pro opětovné načtení „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Pro restart „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr "Pro odeslání UNIX signálu procesům „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr "Pro resetování chybného stavu „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Pro nastavení vlastností na „$(unit)” je vyžadováno ověření."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
@ -1247,7 +1267,7 @@ msgstr ""
"Pro odstranění souborů nebo adresářů souvisejících s „$(unit)” je vyžadováno "
"ověření."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

View File

@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2021-06-02 16:03+0000\n"
"Last-Translator: scootergrisen <scootergrisen@gmail.com>\n"
"Language-Team: Danish <https://translate.fedoraproject.org/projects/systemd/"
@ -113,32 +113,43 @@ msgid "Authentication is required to update a user's home area."
msgstr "Der kræves godkendelse for at opdatere en brugers hjemmeområde."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Opdater et hjemmeområde"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Der kræves godkendelse for at opdatere en brugers hjemmeområde."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Tilpas størrelsen på et hjemmeområde"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Der kræves godkendelse for at tilpasse størrelsen på en brugers hjemmeområde."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Skift adgangskode for et hjemmeområde"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"Der kræves godkendelse for at skifte adgangskoden for en brugers "
"hjemmeområde."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "Opret et hjemmeområde"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Der kræves godkendelse for at oprette en brugers hjemmeområde."
@ -1178,6 +1189,18 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Der kræves godkendelse for at indstille tiden for systemet."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Der kræves godkendelse for at håndtere aktive sessioner, brugere og "
"arbejdsstationer."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Indstil tiden for systemet"
@ -1218,45 +1241,45 @@ msgstr ""
"Der kræves godkendelse for at kontrollere hvorvidt synkronisering af "
"netværkstid skal aktiveres."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Der kræves godkendelse for at starte '$(unit)'."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Der kræves godkendelse for at stoppe '$(unit)'."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Der kræves godkendelse for at genindlæse '$(unit)'."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Der kræves godkendelse for at genstarte '$(unit)'."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr "Der kræves godkendelse for at indstille egenskaber på '$(unit)'."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Der kræves godkendelse for at nulstille \"fejl\"-tilstanden på '$(unit)'."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Der kræves godkendelse for at indstille egenskaber på '$(unit)'."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
msgstr ""
"Der kræves godkendelse for at nulstille \"fejl\"-tilstanden på '$(unit)'."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

View File

@ -5,16 +5,18 @@
# Benjamin Steinwender <b@stbe.at>, 2014.
# Bernd Homuth <dev@hmt.im>, 2015.
# Fabian Affolter <mail@fabian-affolter.ch>, 2020.
# Ettore Atalan <atalanttore@googlemail.com>, 2021.
# Ettore Atalan <atalanttore@googlemail.com>, 2021, 2024.
# Christian Wehrli <christian@chw.onl>, 2021.
# Christian Kirbach <christian.kirbach@gmail.com>, 2023.
# Jarne Förster <fedora@mymailclient.de>, 2024.
# Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>, 2024.
# Anselm Schueler <mail@anselmschueler.com>, 2024.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"PO-Revision-Date: 2024-05-07 17:36+0000\n"
"Last-Translator: Jarne Förster <fedora@mymailclient.de>\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-07 13:26+0000\n"
"Last-Translator: Anselm Schueler <mail@anselmschueler.com>\n"
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
"main/de/>\n"
"Language: de\n"
@ -22,7 +24,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 5.5.2\n"
"X-Generator: Weblate 5.8.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
@ -129,33 +131,45 @@ msgstr ""
"Benutzers notwendig."
#: src/home/org.freedesktop.home1.policy:53
msgid "Update your home area"
msgstr "Deinen persönlichen Bereich aktualisieren"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr ""
"Legitimierung ist zum Aktualisieren des persönlichen Bereichs eines "
"Benutzers notwendig."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Größe eines persönlichen Bereichs ändern"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Legitimierung ist für die Größenänderung des persönlichen Bereichs eines "
"Benutzers notwendig."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Passwort eines persönlichen Bereichs ändern"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"Legitimierung ist zum Ändern des Passworts eines persönlichen Bereichs eines "
"Benutzers notwendig."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "Einen persönlichen Bereich anlegen"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr ""
@ -225,9 +239,8 @@ msgstr ""
"nicht eingesteckt."
#: src/home/pam_systemd_home.c:381
#, fuzzy
msgid "Security token PIN: "
msgstr "Sicherheitstoken PIN: "
msgstr "PIN des Sicherheitstokens: "
#: src/home/pam_systemd_home.c:398
#, c-format
@ -388,27 +401,26 @@ msgid "Import a disk image"
msgstr "Datenabbild importieren"
#: src/import/org.freedesktop.import1.policy:23
#, fuzzy
msgid "Authentication is required to import an image."
msgstr "Authentifizierung ist erforderlich um ein Datenabbild zu importieren"
msgstr "Legitimierung ist zum Importieren eines Abbildes erforderlich."
#: src/import/org.freedesktop.import1.policy:32
msgid "Export a disk image"
msgstr "Datenabbild exportieren"
#: src/import/org.freedesktop.import1.policy:33
#, fuzzy
msgid "Authentication is required to export disk image."
msgstr "Authentifizierung ist erforderlich um ein Datenabbild zu exportieren"
msgstr ""
"Legitimierung ist zum Exportieren eines Festplattenabbildes erforderlich."
#: src/import/org.freedesktop.import1.policy:42
msgid "Download a disk image"
msgstr "Datenabbild herunterladen"
#: src/import/org.freedesktop.import1.policy:43
#, fuzzy
msgid "Authentication is required to download a disk image."
msgstr "Authentifizierung ist erforderlich um ein Datenabbild herunterzuladen"
msgstr ""
"Legitimierung ist zum Herunterladen eines Festplattenabbildes erforderlich."
#: src/import/org.freedesktop.import1.policy:52
msgid "Cancel transfer of a disk image"
@ -416,12 +428,11 @@ msgstr "Transfer eines Datenabbilds abbrechen"
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/import/org.freedesktop.import1.policy:53
#, fuzzy
msgid ""
"Authentication is required to cancel the ongoing transfer of a disk image."
msgstr ""
"Authentifizierung ist erforderlich um den aktuellen Transfer eines "
"Datenabbildes abzubrechen"
"Legitimierung ist zum Abbrechen der laufenden Übertragung eines "
"Festplattenabbildes erforderlich."
#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
@ -930,17 +941,15 @@ msgstr ""
"erforderlich."
#: src/machine/org.freedesktop.machine1.policy:95
#, fuzzy
msgid "Create a local virtual machine or container"
msgstr "Lokale virtuelle Maschinen und Container verwalten"
msgstr "Lokale virtuelle Maschinen oder Container erstellen"
#: src/machine/org.freedesktop.machine1.policy:96
#, fuzzy
msgid ""
"Authentication is required to create a local virtual machine or container."
msgstr ""
"Legitimierung ist zum Verwalten lokaler virtueller Maschinen und Container "
"erforderlich."
"Legitimierung ist zum Erstellen einer lokalen virtuellen Maschine oder eines "
"Containers erforderlich."
#: src/machine/org.freedesktop.machine1.policy:106
msgid "Manage local virtual machine and container images"
@ -1101,11 +1110,9 @@ msgstr ""
"Legitimierung ist zur Neukonfiguration der Netzwerkschnittstelle notwendig."
#: src/network/org.freedesktop.network1.policy:187
#, fuzzy
msgid "Specify whether persistent storage for systemd-networkd is available"
msgstr ""
"Bitte geben Sie an, ob permanenter Speicher für systemd-networkd verfügbar "
"ist."
"Geben Sie an, ob permanenter Speicher für systemd-networkd verfügbar ist"
#: src/network/org.freedesktop.network1.policy:188
msgid ""
@ -1153,7 +1160,6 @@ msgid "Register a DNS-SD service"
msgstr "Einen DNS-SD-Dienst registrieren"
#: src/resolve/org.freedesktop.resolve1.policy:23
#, fuzzy
msgid "Authentication is required to register a DNS-SD service."
msgstr "Legitimierung ist zum Anmelden eines DNS-SD-Dienstes notwendig"
@ -1252,13 +1258,25 @@ msgstr "Legitimierung ist zum Festlegen der Systemzeitzone notwendig."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr ""
msgstr "Alte Systemaktualisierungen bereinigen"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr "Legitimierung ist zum Festlegen der Systemzeit notwendig."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
# https://www.freedesktop.org/software/systemd/man/sd-login.html
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Legitimierung ist zur Verwaltung aktiver Sitzungen, Benutzern und "
"Arbeitsstationen notwendig."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Die Systemzeit festlegen"
@ -1299,23 +1317,23 @@ msgstr ""
"Legitimierung ist zum Festlegen, ob Netzwerkzeitabgeich eingeschaltet sein "
"soll, erforderlich."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Legitimierung ist zum Starten von »$(unit)« notwendig."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Legitimierung ist zum Stoppen von »$(unit)« notwendig."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Legitimierung ist zum erneuten Laden von »$(unit)« notwendig."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Legitimierung ist zum Neustarten von »$(unit)« notwendig."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
@ -1323,18 +1341,18 @@ msgstr ""
"Legitimierung ist zum Senden eines UNIX-Signals an die Prozesse von "
"»$(unit)« notwendig."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Legitimierung ist zum Zurücksetzen des Status »fehlgeschlagen« von »$(unit)« "
"notwendig"
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr ""
"Legitimierung ist zum Festlegen der Eigenschaften von »$(unit)« notwendig."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
@ -1342,7 +1360,7 @@ msgstr ""
"Legitimierung ist zum Löschen von Dateien und Verzeichnissen, die zu "
"»$(unit)« gehören, erforderlich."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

View File

@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-08-04 03:41+0000\n"
"Last-Translator: Dimitrys Meliates <demetresmeliates+fedora@gmail.com>\n"
"Language-Team: Greek <https://translate.fedoraproject.org/projects/systemd/"
@ -118,31 +118,41 @@ msgid "Authentication is required to update a user's home area."
msgstr "Απαιτείται ταυτοποίηση για την ενημέρωση αρχικής περιοχής ενός χρήστη."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Ενημέρωση αρχικής περιοχής"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Απαιτείται ταυτοποίηση για την ενημέρωση αρχικής περιοχής ενός χρήστη."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Αλλαγή μεγέθους αρχικής περιοχής"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Απαιτείται ταυτοποίηση για την αλλαγή του μεγέθους αρχικής περιοχής ενός "
"χρήστη."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
#, fuzzy
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"Απαιτείται πιστοποίηση για προσάρτηση μιας συσκευής σε έναν σταθμό εργασίας."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
msgid "Activate a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
@ -1222,6 +1232,16 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Απαιτείται πιστοποίηση για προσάρτηση μιας συσκευής σε έναν σταθμό εργασίας."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Ορισμός ώρας συστήματος"
@ -1262,51 +1282,51 @@ msgstr ""
"Απαιτείται πιστοποίηση για να ελέγξετε αν ο συγχρονισμός ώρας δικτύου θα "
"ενεργοποιηθεί."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
#, fuzzy
msgid "Authentication is required to start '$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
#, fuzzy
msgid "Authentication is required to stop '$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
#, fuzzy
msgid "Authentication is required to reload '$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
#, fuzzy
msgid "Authentication is required to restart '$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
#, fuzzy
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
#, fuzzy
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε τοπικά όνομα οικοδεσπότη."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
#, fuzzy
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε την ώρα του συστήματος."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
#, fuzzy
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
msgstr "Απαιτείται πιστοποίηση για να ορίσετε τοπικά όνομα οικοδεσπότη."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
#, fuzzy
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."

View File

@ -9,7 +9,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2021-08-26 18:05+0000\n"
"Last-Translator: Adolfo Jayme Barrientos <fitoschido@gmail.com>\n"
"Language-Team: Spanish <https://translate.fedoraproject.org/projects/systemd/"
@ -118,31 +118,42 @@ msgstr ""
"Necesita autenticarse para actualizar el espacio personal de un usuario."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Actualizar un espacio personal"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr ""
"Necesita autenticarse para actualizar el espacio personal de un usuario."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Redimensionar un espacio personal"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr ""
"Necesita autenticarse para redimensionar el espacio personal de un usuario."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Cambiar contraseña de un espacio personal"
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
"Necesita autenticarse para cambiar la contraseña del espacio personal de un "
"usuario."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "Crear un área home"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Se requiere autenticación para crear un área home de usuario."
@ -1215,6 +1226,17 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Necesita autenticarse para establecer la fecha y hora del sistema."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Necesita autenticarse para administrar las sesiones activas, usuarios y "
"puestos de trabajo."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Establecer fecha y hora del sistema"
@ -1255,23 +1277,23 @@ msgstr ""
"Necesita autenticarse para activar/desactivar la sincronización de hora por "
"red."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Necesita autenticarse para iniciar «$(unit)»."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Necesita autenticarse para detener «$(unit)»."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Necesita autenticarse para recargar «$(unit)»."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Necesita autenticarse para reiniciar «$(unit)»."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
#, fuzzy
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
@ -1279,16 +1301,16 @@ msgid ""
msgstr ""
"Se requiere autenticación para establecer las propiedades de '$(unit)'."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Necesita autenticarse para reiniciar el estado de «fallido» de «$(unit)»."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Necesita autenticarse para establecer las propiedades de «$(unit)»."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
#, fuzzy
msgid ""
"Authentication is required to delete files and directories associated with "
@ -1296,7 +1318,7 @@ msgid ""
msgstr ""
"Se requiere autenticación para reiniciar el estado de «fallido» de '$(unit)'."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
#, fuzzy
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."

View File

@ -4,7 +4,7 @@
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2022-10-24 15:23+0000\n"
"Last-Translator: H A <contact+fedora@hen.ee>\n"
"Language-Team: Estonian <https://translate.fedoraproject.org/projects/"
@ -106,28 +106,38 @@ msgid "Authentication is required to update a user's home area."
msgstr "Autentmine on vajalik, et uuendada kasutaja koduala."
#: src/home/org.freedesktop.home1.policy:53
#, fuzzy
msgid "Update your home area"
msgstr "Uuenda koduala"
#: src/home/org.freedesktop.home1.policy:54
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Autentmine on vajalik, et uuendada kasutaja koduala."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
msgstr "Muuda koduala suurust"
#: src/home/org.freedesktop.home1.policy:54
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr "Autentmine on vajalik, et muuta kasutaja koduala suurust."
#: src/home/org.freedesktop.home1.policy:63
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr "Muuda koduala parooli"
#: src/home/org.freedesktop.home1.policy:64
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr "Autentimine on vajalik, et muuta kasutaja koduala parooli."
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
#, fuzzy
msgid "Activate a home area"
msgstr "Loo koduala"
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Autentimine on vajalik, et luua kasutaja koduala."
@ -1114,6 +1124,16 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Autentimine on vajalik, et määrata süsteemi aega."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Autentimine on vajalik, et hallata aktiivseid seansse, kasutajaid ning kohti."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr "Määra süsteemi aeg"
@ -1153,45 +1173,45 @@ msgstr ""
"Autentimine on vajalik, et kontrollida kas võrgu ajasünkroneerimine peaks "
"olema lubatud."
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr "Autentimine on vajalik, et käivitada '$(unit)'."
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr "Autentimine on vajalik, et peatada '$(unit)'."
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr "Autentimine on vajalik, et laadida '$(unit)' uuesti."
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr "Autentimine on vajalik, et restartida '$(unit)'."
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr ""
"Autentimine on vajalik, et saata UNIX signaali '$(unit)' protsessidele."
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
"Autentimine on vajalik, et lähtestada '$(unit)' \"ebaõnnestunud\" olekut."
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr "Autentimine on vajalik, et määrata '$(unit)' omadusi."
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
msgstr "Autentimine on vajalik, et kustutada '$(unit)' faile ja kauste."
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

View File

@ -5,7 +5,7 @@ msgid ""
msgstr ""
"Project-Id-Version: systemd\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2023-06-03 15:48+0000\n"
"Last-Translator: Asier Sarasua Garmendia <asier.sarasua@gmail.com>\n"
"Language-Team: Basque <https://translate.fedoraproject.org/projects/systemd/"
@ -113,27 +113,36 @@ msgid "Authentication is required to update a user's home area."
msgstr ""
#: src/home/org.freedesktop.home1.policy:53
msgid "Resize a home area"
msgid "Update your home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:54
msgid "Authentication is required to resize a user's home area."
msgstr ""
#, fuzzy
msgid "Authentication is required to update your home area."
msgstr "Autentifikazioa behar da sistemaren eskualde-ezarpenak ezartzeko."
#: src/home/org.freedesktop.home1.policy:63
msgid "Change password of a home area"
msgid "Resize a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:64
msgid "Authentication is required to resize a user's home area."
msgstr ""
#: src/home/org.freedesktop.home1.policy:73
msgid "Change password of a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:74
msgid ""
"Authentication is required to change the password of a user's home area."
msgstr ""
#: src/home/org.freedesktop.home1.policy:73
#: src/home/org.freedesktop.home1.policy:83
msgid "Activate a home area"
msgstr ""
#: src/home/org.freedesktop.home1.policy:74
#: src/home/org.freedesktop.home1.policy:84
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Autentifikazioa behar da sistemaren eskualde-ezarpenak ezartzeko."
@ -1094,6 +1103,17 @@ msgstr ""
msgid "Authentication is required to cleanup old system updates."
msgstr "Autentifikazioa behar da systemd egoera birkargatzeko."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
msgid "Manage optional features"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
#, fuzzy
msgid "Authentication is required to manage optional features"
msgstr ""
"Autentifikazioa behar da sistema-zerbitzua edo unitate-fitxategiak "
"kudeatzeko."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"
msgstr ""
@ -1130,43 +1150,43 @@ msgid ""
"shall be enabled."
msgstr ""
#: src/core/dbus-unit.c:353
#: src/core/dbus-unit.c:370
msgid "Authentication is required to start '$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:354
#: src/core/dbus-unit.c:371
msgid "Authentication is required to stop '$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:355
#: src/core/dbus-unit.c:372
msgid "Authentication is required to reload '$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:356 src/core/dbus-unit.c:357
#: src/core/dbus-unit.c:373 src/core/dbus-unit.c:374
msgid "Authentication is required to restart '$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:549
#: src/core/dbus-unit.c:566
msgid ""
"Authentication is required to send a UNIX signal to the processes of "
"'$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:577
#: src/core/dbus-unit.c:594
msgid "Authentication is required to reset the \"failed\" state of '$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:607
#: src/core/dbus-unit.c:624
msgid "Authentication is required to set properties on '$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:704
#: src/core/dbus-unit.c:721
msgid ""
"Authentication is required to delete files and directories associated with "
"'$(unit)'."
msgstr ""
#: src/core/dbus-unit.c:741
#: src/core/dbus-unit.c:758
msgid ""
"Authentication is required to freeze or thaw the processes of '$(unit)' unit."
msgstr ""

Some files were not shown because too many files have changed in this diff Show More