mirror of https://github.com/systemd/systemd synced 2025-11-10 12:24:45 +01:00

Compare commits


7 Commits

Author SHA1 Message Date
cvlc12
c3e80f8f2b
man: systemd-measure. Remove 'tpm2-pcrs=' from cryptenroll command (#39590)
This is now default since 4b840414be3b2d6520599d86d2b718a37574aabf.
2025-11-07 05:54:06 +09:00
Yu Watanabe
d1676fdfbd
Two fixes for homectl (#39591) 2025-11-07 05:52:20 +09:00
Luca Boccassi
7a62cbfc6d test: ensure test checking status runs first
The test messes a bit with the ESP, which might cause bootctl status output to change.
Run the test that simply checks status without changing anything first.

[  188.633908] TEST-87-AUX-UTILS-VM.sh[1101]: + bootctl status --quiet
[  188.681082] TEST-87-AUX-UTILS-VM.sh[1155]: System:
[  188.681082] TEST-87-AUX-UTILS-VM.sh[1155]:       Firmware: UEFI 2.70 (EDK II 1.00)
[  188.681082] TEST-87-AUX-UTILS-VM.sh[1155]:  Firmware Arch: x64
[  188.681082] TEST-87-AUX-UTILS-VM.sh[1155]:    Secure Boot: enabled (user)
<...>
[  198.938717] TEST-87-AUX-UTILS-VM.sh[1679]: ++ printf '\6\0\0\0\1'
[  198.939235] TEST-87-AUX-UTILS-VM.sh[1678]: + cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c /dev/fd/63
[  198.944957] TEST-87-AUX-UTILS-VM.sh[1678]: + cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c /dev/fd/63
[  198.945808] TEST-87-AUX-UTILS-VM.sh[1681]: ++ printf '\6\0\0\0\0'
[  198.950459] TEST-87-AUX-UTILS-VM.sh[1684]: + bootctl status
[  198.951357] TEST-87-AUX-UTILS-VM.sh[1685]: + grep -q 'Secure Boot: enabled'
[  199.004142] TEST-87-AUX-UTILS-VM.sh[1086]: + echo 'Subtest /usr/lib/systemd/tests/testdata/units/TEST-87-AUX-UTILS-VM.bootctl.sh failed'

Follow-up for 5ae58ac2b93a4046fbae4e0c825b8cc9d03d10d8

Fixes https://github.com/systemd/systemd/issues/39598
2025-11-07 05:51:39 +09:00
Luca Boccassi
74c0ed07a1 reread-part: fix error propagation
[   49.514556] (udev-synth)[1385]: Assertion '(_error) != 0' failed at src/shared/reread-partition-table.c:260, function reread_partition_table_full(). Aborting.

Follow-up for 757887d01dd96125be1774f4b23b12f2fbda9a8b

Fixes https://github.com/systemd/systemd/issues/39603
2025-11-07 05:50:20 +09:00
jouyouyun
9ebf0d260d nss-systemd: fix memory leak 2025-11-06 21:10:25 +01:00
David Tardon
399c9f847e ask-password-api: return if read_credential() failed
The current code causes assertion in strv_parse_nulstr() if
read_credential() results in an error different from ENXIO or ENOENT
(strace shows I'm getting EACCES):

 # homectl create waldo --real-name=Waldo --disk-size=200M

Before:

 Assertion 's || l <= 0' failed at src/basic/nulstr-util.c:32, function strv_parse_nulstr_full(). Aborting.

After:

 Failed to acquire password: Permission denied

Follow-up-for: 8806bb4bc7fa15d6ca46e81b8d535730209a3b66
2025-11-06 14:23:35 +01:00
David Tardon
5efcbae259 homectl: fix memory leak
# valgrind --leak-check=full homectl create waldo --real-name=Waldo --disk-size=200M --setopt=FOO=bar

Before:

==25155== HEAP SUMMARY:
==25155==     in use at exit: 12,879 bytes in 39 blocks
==25155==   total heap usage: 90 allocs, 51 frees, 53,964 bytes allocated
==25155==
==25155== 8 bytes in 1 blocks are definitely lost in loss record 4 of 38
==25155==    at 0x4845866: malloc (vg_replace_malloc.c:446)
==25155==    by 0x547FC2E: strdup (strdup.c:42)
==25155==    by 0x4B2647C: strv_env_replace_strdup_passthrough (env-util.c:435)
==25155==    by 0x42D547: parse_argv (homectl.c:3909)
==25155==    by 0x43999C: run (homectl.c:5606)
==25155==    by 0x4399F5: main (homectl.c:5613)
==25155==
==25155== LEAK SUMMARY:
==25155==    definitely lost: 8 bytes in 1 blocks

After:

==25224== HEAP SUMMARY:
==25224==     in use at exit: 12,871 bytes in 38 blocks
==25224==   total heap usage: 90 allocs, 52 frees, 53,964 bytes allocated
==25224==
==25224== LEAK SUMMARY:
==25224==    definitely lost: 0 bytes in 0 blocks

Follow-up-for: aaf057c4bbc6055040d7d2c1ec3655ff89249ebd
2025-11-06 14:21:43 +01:00
6 changed files with 7 additions and 5 deletions


@ -346,7 +346,6 @@ $ ukify build \
<programlisting># systemd-cryptenroll --tpm2-device=auto \
--tpm2-public-key=tpm2-pcr-public-key.pem \
--tpm2-signature=tpm2-pcr-signature.json \
--tpm2-pcrs="" \
/dev/sda5</programlisting>
<para>And then unlock the device with the signature:</para>


@ -3887,7 +3887,7 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_SETENV: {
_cleanup_free_ char **l = NULL;
_cleanup_strv_free_ char **l = NULL;
_cleanup_(sd_json_variant_unrefp) sd_json_variant *ne = NULL;
sd_json_variant *e;
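Review bot: With `_cleanup_strv_free_` on `l`, every string in the vector is now freed on each exit from the `ARG_SETENV` case, so nothing later in the case may keep or hand off one of those element pointers without duplicating it or resetting `l`; otherwise the leak fix becomes a double free or use-after-free. The rest of the case body is outside the hunk, so this cannot be confirmed from here. The same check applies to `members` in `_nss_systemd_getgrent_r()` in the next file section, whose body is also mostly outside the hunk. A short comment at the declaration, for example `/* l owns its strings; consumers below must copy */`, would record the ownership contract.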


@ -726,7 +726,7 @@ enum nss_status _nss_systemd_getgrent_r(
int *errnop) {
_cleanup_(group_record_unrefp) GroupRecord *gr = NULL;
_cleanup_free_ char **members = NULL;
_cleanup_strv_free_ char **members = NULL;
int r;
PROTECT_ERRNO;


@ -1133,6 +1133,8 @@ static int ask_password_credential(const AskPasswordRequest *req, AskPasswordFla
r = read_credential(req->credential, (void**) &buffer, &size);
if (IN_SET(r, -ENXIO, -ENOENT)) /* No credentials passed or this credential not defined? */
return -ENOKEY;
if (r < 0)
return r;
l = strv_parse_nulstr(buffer, size);
if (!l)
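Review bot: The added `if (r < 0) return r;` propagates the error without naming the credential that could not be read, so the user only gets the generic "Failed to acquire password: Permission denied" shown in the commit description. Consider `return log_debug_errno(r, "Failed to read credential '%s': %m", req->credential);` so that an EACCES on a specific credential can be diagnosed from the debug log; this logs the credential name only, not its content. ask_password_credential() starts and ends outside the hunk.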


@ -257,7 +257,7 @@ static int reread_partition_table_full(sd_device *dev, int fd, RereadPartitionTa
if (FLAGS_SET(flags, REREADPT_BSD_LOCK)) {
lock_fd = fd_reopen(fd, O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (lock_fd < 0)
return log_device_debug_errno(dev, r, "Failed top open lock fd for block device '%s': %m", p);
return log_device_debug_errno(dev, lock_fd, "Failed top open lock fd for block device '%s': %m", p);
if (flock(lock_fd, LOCK_EX|LOCK_NB) < 0)
return log_device_debug_errno(dev, errno, "Failed to take BSD lock on block device '%s': %m", p);
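Review bot: The corrected return line still logs "Failed top open lock fd"; the message should read `"Failed to open lock fd for block device '%s': %m"`. The assertion quoted in the commit description came from passing a stale `r` where the failing call's own result was meant, so the other `log_device_debug_errno()` calls in reread_partition_table_full() may deserve a check for the same pattern. Only this hunk is visible here, and the function starts and ends outside it.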


@ -346,7 +346,8 @@ EOF
bootctl remove
}
testcase_secureboot() {
# Order this first, as other test cases mess with the ESP and might break 'bootctl status' output
testcase_00_secureboot() {
if [ ! -d /sys/firmware/efi ]; then
echo "Not booted with EFI, skipping secureboot tests."
return 0