Compare commits
1 Commits
9986e1bfb0
...
87fe6f909d
Author | SHA1 | Date |
---|---|---|
Helmut Grohne | 87fe6f909d |
14
TODO
14
TODO
|
@ -129,20 +129,6 @@ Deprecations and removals:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
* Teach systemd-ssh-generator to generated an /run/issue.d/ drop-in telling
|
|
||||||
users how to connect to the system via the AF_VSOCK, as per:
|
|
||||||
https://github.com/systemd/systemd/issues/35071#issuecomment-2462803142
|
|
||||||
|
|
||||||
* maybe introduce an OSC sequence that signals when we ask for a password, so
|
|
||||||
that terminal emulators can maybe connect a password manager or so, and
|
|
||||||
highlight things specially.
|
|
||||||
|
|
||||||
* Port pidref_namespace_open() to use PIDFD_GET_MNT_NAMESPACE and related
|
|
||||||
ioctls to get nsfds directly from pidfds.
|
|
||||||
|
|
||||||
* start using STATX_SUBVOL in btrfs_is_subvol(). Also, make use of it
|
|
||||||
generically, so that image discovery recognizes bcachefs subvols too.
|
|
||||||
|
|
||||||
* format-table: introduce new cell type for strings with ansi sequences in
|
* format-table: introduce new cell type for strings with ansi sequences in
|
||||||
them. display them in regular output mode (via strip_tab_ansi()), but
|
them. display them in regular output mode (via strip_tab_ansi()), but
|
||||||
suppress them in json mode.
|
suppress them in json mode.
|
||||||
|
|
|
@ -1438,11 +1438,6 @@ evdev:input:b0003v046DpC309*
|
||||||
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
||||||
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
||||||
|
|
||||||
# Logitech MX Keys for Mac
|
|
||||||
evdev:input:b0003v046Dp4092*
|
|
||||||
KEYBOARD_KEY_70035=102nd # '<' key
|
|
||||||
KEYBOARD_KEY_70064=grave # '^' key
|
|
||||||
|
|
||||||
###########################################################
|
###########################################################
|
||||||
# Maxdata
|
# Maxdata
|
||||||
###########################################################
|
###########################################################
|
||||||
|
|
|
@ -376,12 +376,11 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:*
|
||||||
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
|
sensor:modalias:acpi:SMO8500*:dmi:*:svncube:pni7:*
|
||||||
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1
|
||||||
|
|
||||||
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B/i18D)
|
# Cube i7 Stylus, i7 Stylus I8L Model, i7 Book (i16) and Mix Plus (i18B)
|
||||||
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
|
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:*
|
||||||
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
|
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni8-L:*
|
||||||
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
|
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni16:*
|
||||||
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
|
sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni18B:*
|
||||||
sensor:modalias:acpi:KIOX000A*:dmi:*:svnALLDOCUBE:pni18D:*
|
|
||||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||||
|
|
||||||
# Cube iWork 10 Flagship
|
# Cube iWork 10 Flagship
|
||||||
|
@ -953,15 +952,6 @@ sensor:modalias:acpi:MXC6655*:dmi:*:svnDefaultstring*:pnP612F:*
|
||||||
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:*
|
||||||
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1
|
||||||
|
|
||||||
#########################################
|
|
||||||
# Pine64
|
|
||||||
#########################################
|
|
||||||
|
|
||||||
# PineTab2
|
|
||||||
|
|
||||||
sensor:modalias:of:NaccelerometerT_null_Csilan,sc7a20:*
|
|
||||||
ACCEL_MOUNT_MATRIX=0, 0, -1; 1, 0, 0; 0, -1, 0
|
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
# Pipo
|
# Pipo
|
||||||
#########################################
|
#########################################
|
||||||
|
|
|
@ -421,7 +421,7 @@
|
||||||
<term><varname>rd.systemd.verity=</varname></term>
|
<term><varname>rd.systemd.verity=</varname></term>
|
||||||
<term><varname>systemd.verity_root_data=</varname></term>
|
<term><varname>systemd.verity_root_data=</varname></term>
|
||||||
<term><varname>systemd.verity_root_hash=</varname></term>
|
<term><varname>systemd.verity_root_hash=</varname></term>
|
||||||
<term><varname>systemd.verity_root_options=</varname></term>
|
<term><varname>systemd.verity.root_options=</varname></term>
|
||||||
<term><varname>usrhash=</varname></term>
|
<term><varname>usrhash=</varname></term>
|
||||||
<term><varname>systemd.verity_usr_data=</varname></term>
|
<term><varname>systemd.verity_usr_data=</varname></term>
|
||||||
<term><varname>systemd.verity_usr_hash=</varname></term>
|
<term><varname>systemd.verity_usr_hash=</varname></term>
|
||||||
|
|
|
@ -265,11 +265,32 @@
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1>
|
<refsect1>
|
||||||
<title>Unlocking</title>
|
<title>Options</title>
|
||||||
|
|
||||||
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
|
<para>The following options are understood:</para>
|
||||||
|
|
||||||
<variablelist>
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--password</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||||
|
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||||
|
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><option>--recovery-key</option></term>
|
||||||
|
|
||||||
|
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||||
|
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||||
|
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -307,45 +328,7 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
<refsect1>
|
|
||||||
<title>Simple Enrollment</title>
|
|
||||||
|
|
||||||
<para>The following options are understood that may be used to enroll simple user input based
|
|
||||||
unlocking:</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--password</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
|
||||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
|
||||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><option>--recovery-key</option></term>
|
|
||||||
|
|
||||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
|
||||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
|
||||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
|
||||||
</varlistentry>
|
|
||||||
</variablelist>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
<refsect1>
|
|
||||||
<title>PKCS#11 Enrollment</title>
|
|
||||||
|
|
||||||
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -378,15 +361,7 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
<refsect1>
|
|
||||||
<title>FIDO2 Enrollment</title>
|
|
||||||
|
|
||||||
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
||||||
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
||||||
|
@ -486,15 +461,7 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
<refsect1>
|
|
||||||
<title>TPM2 Enrollment</title>
|
|
||||||
|
|
||||||
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||||
|
|
||||||
|
@ -669,15 +636,7 @@
|
||||||
|
|
||||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
<refsect1>
|
|
||||||
<title>Other Options</title>
|
|
||||||
|
|
||||||
<para>The following additional options are understood:</para>
|
|
||||||
|
|
||||||
<variablelist>
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
||||||
|
|
||||||
|
|
|
@ -81,7 +81,4 @@
|
||||||
<para id="v255">Added in version 255.</para>
|
<para id="v255">Added in version 255.</para>
|
||||||
<para id="v256">Added in version 256.</para>
|
<para id="v256">Added in version 256.</para>
|
||||||
<para id="v257">Added in version 257.</para>
|
<para id="v257">Added in version 257.</para>
|
||||||
<para id="v258">Added in version 258.</para>
|
|
||||||
<para id="v259">Added in version 259.</para>
|
|
||||||
<para id="v260">Added in version 260.</para>
|
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [[ "$1" == "clangd" ]]; then
|
|
||||||
exec "$@"
|
|
||||||
fi
|
|
|
@ -2,6 +2,10 @@
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
|
if [[ "$1" == "clangd" ]]; then
|
||||||
|
exec "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
|
if [[ ! -f "pkg/$PKG_SUBDIR/PKGBUILD" ]]; then
|
||||||
echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
|
echo "PKGBUILD not found at pkg/$PKG_SUBDIR/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -7,7 +7,7 @@ Distribution=arch
|
||||||
Environment=
|
Environment=
|
||||||
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
|
GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
|
||||||
GIT_BRANCH=main
|
GIT_BRANCH=main
|
||||||
GIT_COMMIT=29a73017cd380cd8db070dbd560e229d523b3c79
|
GIT_COMMIT=62c224b60ca150627be58ca2da50f47cc0a5793c
|
||||||
PKG_SUBDIR=arch
|
PKG_SUBDIR=arch
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
|
|
|
@ -8,7 +8,7 @@ Distribution=|fedora
|
||||||
Environment=
|
Environment=
|
||||||
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
|
GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
|
||||||
GIT_BRANCH=rawhide
|
GIT_BRANCH=rawhide
|
||||||
GIT_COMMIT=7bd1d09f7fd16d20a041de0eb9af7cc8dbef6a99
|
GIT_COMMIT=e42eed4afd6267cd954d393d8eec79e0e7573de0
|
||||||
PKG_SUBDIR=fedora
|
PKG_SUBDIR=fedora
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
|
|
|
@ -9,7 +9,7 @@ Environment=
|
||||||
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
|
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
|
||||||
GIT_SUBDIR=debian
|
GIT_SUBDIR=debian
|
||||||
GIT_BRANCH=debian/master
|
GIT_BRANCH=debian/master
|
||||||
GIT_COMMIT=51cd22f3684725a1b199012555e7378f2f468c16
|
GIT_COMMIT=48fabbd5d240a70fce6712b6161f29b40b2fc7de
|
||||||
PKG_SUBDIR=debian
|
PKG_SUBDIR=debian
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
|
|
28
po/de.po
28
po/de.po
|
@ -15,7 +15,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-17 15:48+0000\n"
|
"PO-Revision-Date: 2024-11-09 20:13+0000\n"
|
||||||
"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
|
"Last-Translator: Weblate Translation Memory <noreply-mt-weblate-translation-"
|
||||||
"memory@weblate.org>\n"
|
"memory@weblate.org>\n"
|
||||||
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: German <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
|
@ -187,11 +187,9 @@ msgstr ""
|
||||||
"benötigte Speichermedium oder Dateisystem ein."
|
"benötigte Speichermedium oder Dateisystem ein."
|
||||||
|
|
||||||
#: src/home/pam_systemd_home.c:298
|
#: src/home/pam_systemd_home.c:298
|
||||||
#, c-format
|
#, fuzzy, c-format
|
||||||
msgid "Too frequent login attempts for user %s, try again later."
|
msgid "Too frequent login attempts for user %s, try again later."
|
||||||
msgstr ""
|
msgstr "Zu häufige Loginversuche für %s. Bitte später erneut probieren."
|
||||||
"Zu viele Anmeldeversuche für Benutzer %s, versuchen Sie es später noch "
|
|
||||||
"einmal."
|
|
||||||
|
|
||||||
#: src/home/pam_systemd_home.c:310
|
#: src/home/pam_systemd_home.c:310
|
||||||
msgid "Password: "
|
msgid "Password: "
|
||||||
|
@ -1191,16 +1189,18 @@ msgid "Subscribe query results"
|
||||||
msgstr "Abfrageergebnisse abonnieren"
|
msgstr "Abfrageergebnisse abonnieren"
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:144
|
#: src/resolve/org.freedesktop.resolve1.policy:144
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to subscribe query results."
|
msgid "Authentication is required to subscribe query results."
|
||||||
msgstr "Legitimierung ist zum Abonnieren von Abfrageergebnissen erforderlich."
|
msgstr "Legitimierung ist zum Versetzen des Systems in Bereitschaft notwendig."
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:154
|
#: src/resolve/org.freedesktop.resolve1.policy:154
|
||||||
msgid "Dump cache"
|
msgid "Dump cache"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:155
|
#: src/resolve/org.freedesktop.resolve1.policy:155
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to dump cache."
|
msgid "Authentication is required to dump cache."
|
||||||
msgstr ""
|
msgstr "Legitimierung ist zum Festlegen von Domains notwendig."
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:165
|
#: src/resolve/org.freedesktop.resolve1.policy:165
|
||||||
msgid "Dump server state"
|
msgid "Dump server state"
|
||||||
|
@ -1248,21 +1248,20 @@ msgid "Install specific system version"
|
||||||
msgstr "Spezifische Systemversion installieren"
|
msgstr "Spezifische Systemversion installieren"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
|
||||||
|
#, fuzzy
|
||||||
msgid ""
|
msgid ""
|
||||||
"Authentication is required to update the system to a specific (possibly old) "
|
"Authentication is required to update the system to a specific (possibly old) "
|
||||||
"version."
|
"version."
|
||||||
msgstr ""
|
msgstr "Legitimierung ist zum Festlegen der Systemzeitzone notwendig."
|
||||||
"Legitimierung ist zum Aktualisieren des Systems auf eine bestimmte ("
|
|
||||||
"möglicherweise alte) Version erforderlich."
|
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
|
||||||
msgid "Cleanup old system updates"
|
msgid "Cleanup old system updates"
|
||||||
msgstr "Alte Systemaktualisierungen bereinigen"
|
msgstr "Alte Systemaktualisierungen bereinigen"
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to cleanup old system updates."
|
msgid "Authentication is required to cleanup old system updates."
|
||||||
msgstr ""
|
msgstr "Legitimierung ist zum Festlegen der Systemzeit notwendig."
|
||||||
"Legitimierung ist zum Bereinigen alter Systemaktualisierungen erforderlich."
|
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
|
@ -1270,8 +1269,11 @@ msgstr "Optionale Funktionen verwalten"
|
||||||
|
|
||||||
# https://www.freedesktop.org/software/systemd/man/sd-login.html
|
# https://www.freedesktop.org/software/systemd/man/sd-login.html
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr "Legitimierung ist zur Verwaltung optionaler Funktionen erforderlich"
|
msgstr ""
|
||||||
|
"Legitimierung ist zur Verwaltung aktiver Sitzungen, Benutzern und "
|
||||||
|
"Arbeitsstationen notwendig."
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
18
po/fi.po
18
po/fi.po
|
@ -3,13 +3,12 @@
|
||||||
# Finnish translation of systemd.
|
# Finnish translation of systemd.
|
||||||
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
|
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
|
||||||
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
|
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
|
||||||
# Jiri Grönroos <jiri.gronroos@iki.fi>, 2024.
|
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
|
||||||
"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
|
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
|
||||||
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/fi/>\n"
|
"main/fi/>\n"
|
||||||
"Language: fi\n"
|
"Language: fi\n"
|
||||||
|
@ -17,7 +16,7 @@ msgstr ""
|
||||||
"Content-Type: text/plain; charset=UTF-8\n"
|
"Content-Type: text/plain; charset=UTF-8\n"
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
"Plural-Forms: nplurals=2; plural=n != 1;\n"
|
||||||
"X-Generator: Weblate 5.8.2\n"
|
"X-Generator: Weblate 5.7.2\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -113,12 +112,14 @@ msgid "Authentication is required to update a user's home area."
|
||||||
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
|
#, fuzzy
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Päivitä kotialue"
|
msgstr "Päivitä kotialue"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "Todennus vaaditaan kotialueen päivittämiseksi."
|
msgstr "Todennus vaaditaan käyttäjän kotialueen päivittämiseksi."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1173,11 +1174,14 @@ msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr "Hallitse valinnaisia ominaisuuksia"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr "Todennus vaaditaan valinnaisten ominaisuuksien hallintaan"
|
msgstr ""
|
||||||
|
"Todennus vaaditaan aktiivisten istuntojen, käyttäjien ja paikkojen "
|
||||||
|
"hallintaan."
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
6
po/fr.po
6
po/fr.po
|
@ -12,7 +12,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
|
||||||
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
"Last-Translator: Léane GRASSER <leane.grasser@proton.me>\n"
|
||||||
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: French <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/fr/>\n"
|
"main/fr/>\n"
|
||||||
|
@ -360,8 +360,8 @@ msgid ""
|
||||||
"Authentication is required to set the statically configured local hostname, "
|
"Authentication is required to set the statically configured local hostname, "
|
||||||
"as well as the pretty hostname."
|
"as well as the pretty hostname."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Une authentification est requise pour définir le nom d'hôte local configuré "
|
"Une authentification est requise pour définir le nom d'hôte local de manière "
|
||||||
"de manière statique, ainsi que le nom d'hôte convivial."
|
"statique, ainsi que le nom d'hôte familier."
|
||||||
|
|
||||||
#: src/hostname/org.freedesktop.hostname1.policy:41
|
#: src/hostname/org.freedesktop.hostname1.policy:41
|
||||||
msgid "Set machine information"
|
msgid "Set machine information"
|
||||||
|
|
114
po/he.po
114
po/he.po
|
@ -1,22 +1,22 @@
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
#
|
#
|
||||||
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023, 2024.
|
# Yaron Shahrabani <sh.yaron@gmail.com>, 2023.
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Project-Id-Version: systemd\n"
|
"Project-Id-Version: systemd\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-19 07:38+0000\n"
|
"PO-Revision-Date: 2023-11-22 00:01+0000\n"
|
||||||
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
|
"Last-Translator: Yaron Shahrabani <sh.yaron@gmail.com>\n"
|
||||||
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: Hebrew <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/he/>\n"
|
"master/he/>\n"
|
||||||
"Language: he\n"
|
"Language: he\n"
|
||||||
"MIME-Version: 1.0\n"
|
"MIME-Version: 1.0\n"
|
||||||
"Content-Type: text/plain; charset=UTF-8\n"
|
"Content-Type: text/plain; charset=UTF-8\n"
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
|
"Plural-Forms: nplurals=4; plural=(n == 1) ? 0 : ((n == 2) ? 1 : ((n > 10 && "
|
||||||
"n % 10 == 0) ? 2 : 3));\n"
|
"n % 10 == 0) ? 2 : 3));\n"
|
||||||
"X-Generator: Weblate 5.8.2\n"
|
"X-Generator: Weblate 5.2\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -106,12 +106,14 @@ msgid "Authentication is required to update a user's home area."
|
||||||
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
|
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
|
#, fuzzy
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "עדכון אזור הבית שלך"
|
msgstr "עדכון אזור בית"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "נדרש אימות כדי לעדכן את אזור הבית שלך."
|
msgstr "נדרש אימות כדי לעדכן אזור בית למשתמש."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -131,12 +133,14 @@ msgid ""
|
||||||
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
|
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:83
|
#: src/home/org.freedesktop.home1.policy:83
|
||||||
|
#, fuzzy
|
||||||
msgid "Activate a home area"
|
msgid "Activate a home area"
|
||||||
msgstr "הפעלת אזור בית"
|
msgstr "יצירת אזור בית"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:84
|
#: src/home/org.freedesktop.home1.policy:84
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to activate a user's home area."
|
msgid "Authentication is required to activate a user's home area."
|
||||||
msgstr "נדרש אימות כדי להפעיל אזור בית של משתמש."
|
msgstr "נדרש אימות כדי ליצור אזור בית למשתמש."
|
||||||
|
|
||||||
#: src/home/pam_systemd_home.c:293
|
#: src/home/pam_systemd_home.c:293
|
||||||
#, c-format
|
#, c-format
|
||||||
|
@ -347,37 +351,46 @@ msgid "Authentication is required to get system description."
|
||||||
msgstr "נדרש אימות כדי למשוך את תיאור המערכת."
|
msgstr "נדרש אימות כדי למשוך את תיאור המערכת."
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:22
|
#: src/import/org.freedesktop.import1.policy:22
|
||||||
|
#, fuzzy
|
||||||
msgid "Import a disk image"
|
msgid "Import a disk image"
|
||||||
msgstr "ייבוא דמות כונן"
|
msgstr "לייבא מכונה וירטואלית או דמות של מכולה (container image)"
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:23
|
#: src/import/org.freedesktop.import1.policy:23
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to import an image."
|
msgid "Authentication is required to import an image."
|
||||||
msgstr "נדרש אימות כדי לייבא דמות."
|
msgstr ""
|
||||||
|
"נדרש אימות כדי לייבא מכונה וירטואלית או דמות של מכולה (container image)"
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:32
|
#: src/import/org.freedesktop.import1.policy:32
|
||||||
|
#, fuzzy
|
||||||
msgid "Export a disk image"
|
msgid "Export a disk image"
|
||||||
msgstr "ייצוא דמות כונן"
|
msgstr "ייצוא מכונה וירטואלית או דמות של מכולה (container image)"
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:33
|
#: src/import/org.freedesktop.import1.policy:33
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to export disk image."
|
msgid "Authentication is required to export disk image."
|
||||||
msgstr "נדרש אימות כדי לייצא דמות כונן."
|
msgstr ""
|
||||||
|
"נדרש אימות כדי לייצא מכונה וירטואלית או דמות של מכולה (container image)"
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:42
|
#: src/import/org.freedesktop.import1.policy:42
|
||||||
|
#, fuzzy
|
||||||
msgid "Download a disk image"
|
msgid "Download a disk image"
|
||||||
msgstr "הורדת דמות כונן"
|
msgstr "הורדת מכונה וירטואלית או דמות מכולה"
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:43
|
#: src/import/org.freedesktop.import1.policy:43
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to download a disk image."
|
msgid "Authentication is required to download a disk image."
|
||||||
msgstr "נדרש אימות כדי להוריד דמות כונן."
|
msgstr "נדרש אימות כדי להוריד מכונה וירטואלית או דמות מכולה"
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:52
|
#: src/import/org.freedesktop.import1.policy:52
|
||||||
msgid "Cancel transfer of a disk image"
|
msgid "Cancel transfer of a disk image"
|
||||||
msgstr "ביטול העברה של דמות כונן"
|
msgstr ""
|
||||||
|
|
||||||
#: src/import/org.freedesktop.import1.policy:53
|
#: src/import/org.freedesktop.import1.policy:53
|
||||||
|
#, fuzzy
|
||||||
msgid ""
|
msgid ""
|
||||||
"Authentication is required to cancel the ongoing transfer of a disk image."
|
"Authentication is required to cancel the ongoing transfer of a disk image."
|
||||||
msgstr "נדרש אימות כדי לבטל העברה של דמות כונן שמתבצעת בזמן אמת."
|
msgstr "נדרש אימות כדי להחליף סיסמה של אזור בית למשתמש."
|
||||||
|
|
||||||
#: src/locale/org.freedesktop.locale1.policy:22
|
#: src/locale/org.freedesktop.locale1.policy:22
|
||||||
msgid "Set system locale"
|
msgid "Set system locale"
|
||||||
|
@ -719,8 +732,9 @@ msgid "Set a wall message"
|
||||||
msgstr "הגדרת הודעת קיר"
|
msgstr "הגדרת הודעת קיר"
|
||||||
|
|
||||||
#: src/login/org.freedesktop.login1.policy:397
|
#: src/login/org.freedesktop.login1.policy:397
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to set a wall message."
|
msgid "Authentication is required to set a wall message."
|
||||||
msgstr "נדרש אימות כדי להגדיר הודעת קיר."
|
msgstr "נדרש אימות כדי להגדיר הודעת קיר"
|
||||||
|
|
||||||
#: src/login/org.freedesktop.login1.policy:406
|
#: src/login/org.freedesktop.login1.policy:406
|
||||||
msgid "Change Session"
|
msgid "Change Session"
|
||||||
|
@ -790,14 +804,16 @@ msgstr ""
|
||||||
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
|
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
|
||||||
|
|
||||||
#: src/machine/org.freedesktop.machine1.policy:95
|
#: src/machine/org.freedesktop.machine1.policy:95
|
||||||
|
#, fuzzy
|
||||||
msgid "Create a local virtual machine or container"
|
msgid "Create a local virtual machine or container"
|
||||||
msgstr "יצירת מכונה וירטואלית או מכולה מקומיות"
|
msgstr "ניהול מכונות וירטואליות ומכולות מקומיות"
|
||||||
|
|
||||||
#: src/machine/org.freedesktop.machine1.policy:96
|
#: src/machine/org.freedesktop.machine1.policy:96
|
||||||
|
#, fuzzy
|
||||||
msgid ""
|
msgid ""
|
||||||
"Authentication is required to create a local virtual machine or container."
|
"Authentication is required to create a local virtual machine or container."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"נדרש אימות כדי ליצור מכונות וירטואליות (VM) או מכולות (container) מקומיות."
|
"נדרש אימות כדי לנהל מכונות וירטואליות (VM) ומכולות (container) מקומיות."
|
||||||
|
|
||||||
#: src/machine/org.freedesktop.machine1.policy:106
|
#: src/machine/org.freedesktop.machine1.policy:106
|
||||||
msgid "Manage local virtual machine and container images"
|
msgid "Manage local virtual machine and container images"
|
||||||
|
@ -949,13 +965,13 @@ msgstr "נדרש אימות כדי להגדיר כרטיס רשת מחדש."
|
||||||
|
|
||||||
#: src/network/org.freedesktop.network1.policy:187
|
#: src/network/org.freedesktop.network1.policy:187
|
||||||
msgid "Specify whether persistent storage for systemd-networkd is available"
|
msgid "Specify whether persistent storage for systemd-networkd is available"
|
||||||
msgstr "נא לציין האם יש אחסון קבוע זמין ל־systemd-networkd"
|
msgstr ""
|
||||||
|
|
||||||
#: src/network/org.freedesktop.network1.policy:188
|
#: src/network/org.freedesktop.network1.policy:188
|
||||||
msgid ""
|
msgid ""
|
||||||
"Authentication is required to specify whether persistent storage for systemd-"
|
"Authentication is required to specify whether persistent storage for systemd-"
|
||||||
"networkd is available."
|
"networkd is available."
|
||||||
msgstr "נדרש אימות כדי לציין האם אחסון קבוע זמין ל־systemd-networkd."
|
msgstr ""
|
||||||
|
|
||||||
#: src/portable/org.freedesktop.portable1.policy:13
|
#: src/portable/org.freedesktop.portable1.policy:13
|
||||||
msgid "Inspect a portable service image"
|
msgid "Inspect a portable service image"
|
||||||
|
@ -988,16 +1004,18 @@ msgid "Register a DNS-SD service"
|
||||||
msgstr "רישום שירות DNS-SD"
|
msgstr "רישום שירות DNS-SD"
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:23
|
#: src/resolve/org.freedesktop.resolve1.policy:23
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to register a DNS-SD service."
|
msgid "Authentication is required to register a DNS-SD service."
|
||||||
msgstr "נדרש אימות כדי לרשום שירות DNS-SD."
|
msgstr "נדרש אימות כדי לרשום שירות DNS-SD"
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:33
|
#: src/resolve/org.freedesktop.resolve1.policy:33
|
||||||
msgid "Unregister a DNS-SD service"
|
msgid "Unregister a DNS-SD service"
|
||||||
msgstr "ביטול רישום שירות DNS-SD"
|
msgstr "ביטול רישום שירות DNS-SD"
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:34
|
#: src/resolve/org.freedesktop.resolve1.policy:34
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to unregister a DNS-SD service."
|
msgid "Authentication is required to unregister a DNS-SD service."
|
||||||
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD."
|
msgstr "נדרש אימות כדי לבטל רישום של שירות DNS-SD"
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:132
|
#: src/resolve/org.freedesktop.resolve1.policy:132
|
||||||
msgid "Revert name resolution settings"
|
msgid "Revert name resolution settings"
|
||||||
|
@ -1009,85 +1027,95 @@ msgstr "נדרש אימות כדי לאפס את הגדרות פתרון השמ
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:143
|
#: src/resolve/org.freedesktop.resolve1.policy:143
|
||||||
msgid "Subscribe query results"
|
msgid "Subscribe query results"
|
||||||
msgstr "רישום לתוצאות שאילתה"
|
msgstr ""
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:144
|
#: src/resolve/org.freedesktop.resolve1.policy:144
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to subscribe query results."
|
msgid "Authentication is required to subscribe query results."
|
||||||
msgstr "נדרש אימות כדי להירשם לתוצאות שאילתה."
|
msgstr "נדרש אימות כדי להשהות את המערכת."
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:154
|
#: src/resolve/org.freedesktop.resolve1.policy:154
|
||||||
msgid "Dump cache"
|
msgid "Dump cache"
|
||||||
msgstr "היטל המטמון"
|
msgstr ""
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:155
|
#: src/resolve/org.freedesktop.resolve1.policy:155
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to dump cache."
|
msgid "Authentication is required to dump cache."
|
||||||
msgstr "נדרש אימות כדי להטיל את המטמון."
|
msgstr "נדרש אימות כדי להגדיר שמות תחום."
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:165
|
#: src/resolve/org.freedesktop.resolve1.policy:165
|
||||||
msgid "Dump server state"
|
msgid "Dump server state"
|
||||||
msgstr "היטל מצב השרת"
|
msgstr ""
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:166
|
#: src/resolve/org.freedesktop.resolve1.policy:166
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to dump server state."
|
msgid "Authentication is required to dump server state."
|
||||||
msgstr "נדרש אימות כדי להטיל את מצב השרת."
|
msgstr "נדרש אימות כדי להגדיר שרתי NTP."
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:176
|
#: src/resolve/org.freedesktop.resolve1.policy:176
|
||||||
msgid "Dump statistics"
|
msgid "Dump statistics"
|
||||||
msgstr "היטל סטטיסטיקה"
|
msgstr ""
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:177
|
#: src/resolve/org.freedesktop.resolve1.policy:177
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to dump statistics."
|
msgid "Authentication is required to dump statistics."
|
||||||
msgstr "נדרש אימות כדי להטיל סטטיסטיקה."
|
msgstr "נדרש אימות כדי להגדיר שמות תחום."
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:187
|
#: src/resolve/org.freedesktop.resolve1.policy:187
|
||||||
msgid "Reset statistics"
|
msgid "Reset statistics"
|
||||||
msgstr "איפוס סטטיסטיקה"
|
msgstr ""
|
||||||
|
|
||||||
#: src/resolve/org.freedesktop.resolve1.policy:188
|
#: src/resolve/org.freedesktop.resolve1.policy:188
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to reset statistics."
|
msgid "Authentication is required to reset statistics."
|
||||||
msgstr "נדרש אימות כדי לאפס סטטיסטיקה."
|
msgstr "נדרש אימות כדי לאפס הגדרות NTP."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35
|
||||||
msgid "Check for system updates"
|
msgid "Check for system updates"
|
||||||
msgstr "חיפוש עדכוני מערכת"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to check for system updates."
|
msgid "Authentication is required to check for system updates."
|
||||||
msgstr "נדרש אימות כדי לחפש עדכוני מערכת."
|
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45
|
||||||
msgid "Install system updates"
|
msgid "Install system updates"
|
||||||
msgstr "התקנת עדכוני מערכת"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to install system updates."
|
msgid "Authentication is required to install system updates."
|
||||||
msgstr "נדרש אימות כדי להתקין עדכוני מערכת."
|
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55
|
||||||
msgid "Install specific system version"
|
msgid "Install specific system version"
|
||||||
msgstr "התקנת גרסת מערכת מסוימת"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
|
||||||
|
#, fuzzy
|
||||||
msgid ""
|
msgid ""
|
||||||
"Authentication is required to update the system to a specific (possibly old) "
|
"Authentication is required to update the system to a specific (possibly old) "
|
||||||
"version."
|
"version."
|
||||||
msgstr "נדרש אימות כדי לעדכן את המערכת לגרסה מסוימת (כנראה ישנה)."
|
msgstr "נדרש אימות כדי להגדיר את אזור הזמן של המערכת."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
|
||||||
msgid "Cleanup old system updates"
|
msgid "Cleanup old system updates"
|
||||||
msgstr "ניקוי עדכוני מערכת ישנים"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to cleanup old system updates."
|
msgid "Authentication is required to cleanup old system updates."
|
||||||
msgstr "נדרש אימות כדי לנקות עדכוני מערכת ישנים."
|
msgstr "נדרש אימות כדי להגדיר את שעון המערכת."
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr "ניהול יכולות רשות"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr "נדרש אימות כדי לנהל יכולות רשות"
|
msgstr "נדרש אימות כדי לנהל הפעלות, משתמשים ומושבים פעילים."
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
11
po/ja.po
11
po/ja.po
|
@ -6,7 +6,7 @@
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-18 12:55+0900\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2021-09-09 03:04+0000\n"
|
"PO-Revision-Date: 2021-09-09 03:04+0000\n"
|
||||||
"Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n"
|
"Last-Translator: Takuro Onoue <kusanaginoturugi@gmail.com>\n"
|
||||||
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
|
"Language-Team: Japanese <https://translate.fedoraproject.org/projects/"
|
||||||
|
@ -106,12 +106,14 @@ msgid "Authentication is required to update a user's home area."
|
||||||
msgstr "ユーザのホーム領域の更新には認証が必要です。"
|
msgstr "ユーザのホーム領域の更新には認証が必要です。"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
|
#, fuzzy
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "ホーム領域の更新"
|
msgstr "ホーム領域の更新"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "ホーム領域の更新には認証が必要です。"
|
msgstr "ユーザのホーム領域の更新には認証が必要です。"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1118,11 +1120,12 @@ msgstr "過去のシステム更新を削除するには認証が必要です。
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr "任意の機能の管理"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr "任意の機能を管理するには認証が必要です。"
|
msgstr "アクティブなセッションやユーザ,シートを管理するには認証が必要です。"
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
4
po/ru.po
4
po/ru.po
|
@ -14,7 +14,7 @@ msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-17 13:38+0000\n"
|
"PO-Revision-Date: 2024-11-07 09:30+0000\n"
|
||||||
"Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
|
"Last-Translator: \"Sergey A.\" <Ser82-png@yandex.ru>\n"
|
||||||
"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
|
"Language-Team: Russian <https://translate.fedoraproject.org/projects/systemd/"
|
||||||
"main/ru/>\n"
|
"main/ru/>\n"
|
||||||
|
@ -1280,7 +1280,7 @@ msgstr "Управление дополнительными функциями"
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Для управления дополнительными функциями необходимо пройти аутентификацию"
|
"Для управления дополнительными функциями необходимо пройти аутентификацию."
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
15
po/sl.po
15
po/sl.po
|
@ -7,7 +7,7 @@ msgstr ""
|
||||||
"Project-Id-Version: systemd\n"
|
"Project-Id-Version: systemd\n"
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
|
"PO-Revision-Date: 2024-08-26 19:38+0000\n"
|
||||||
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
|
"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
|
||||||
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
|
"Language-Team: Slovenian <https://translate.fedoraproject.org/projects/"
|
||||||
"systemd/main/sl/>\n"
|
"systemd/main/sl/>\n"
|
||||||
|
@ -17,7 +17,7 @@ msgstr ""
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
|
"Plural-Forms: nplurals=4; plural=n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || "
|
||||||
"n%100==4 ? 2 : 3;\n"
|
"n%100==4 ? 2 : 3;\n"
|
||||||
"X-Generator: Weblate 5.8.2\n"
|
"X-Generator: Weblate 5.7\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -125,13 +125,16 @@ msgstr ""
|
||||||
"območja."
|
"območja."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
|
#, fuzzy
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Posodobite domače območje"
|
msgstr "Posodobite domače območje"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Preverjanje pristnosti je potrebno za posodobitev vašega domačega območja."
|
"Preverjanje pristnosti je potrebno za posodobitev uporabnikovega domačega "
|
||||||
|
"območja."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1231,12 +1234,14 @@ msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr "Upravljaj dodatne funkcionalnosti"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Preverjanje pristnosti je potrebno za upravljanje dodatnih funkcionalnosti."
|
"Preverjanje pristnosti je potrebno za upravljanje aktivnih sej, uporabnikov "
|
||||||
|
"in delovišč."
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
18
po/uk.po
18
po/uk.po
|
@ -4,12 +4,11 @@
|
||||||
# Eugene Melnik <jeka7js@gmail.com>, 2014.
|
# Eugene Melnik <jeka7js@gmail.com>, 2014.
|
||||||
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
|
# Daniel Korostil <ted.korostiled@gmail.com>, 2014, 2016, 2018.
|
||||||
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
|
# Yuri Chornoivan <yurchor@ukr.net>, 2019, 2020, 2021, 2022, 2023, 2024.
|
||||||
# Dmytro Markevych <hotr1pak@gmail.com>, 2024.
|
|
||||||
msgid ""
|
msgid ""
|
||||||
msgstr ""
|
msgstr ""
|
||||||
"Report-Msgid-Bugs-To: \n"
|
"Report-Msgid-Bugs-To: \n"
|
||||||
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
|
||||||
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
|
"PO-Revision-Date: 2024-08-24 10:36+0000\n"
|
||||||
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
|
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
|
||||||
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
|
||||||
"systemd/main/uk/>\n"
|
"systemd/main/uk/>\n"
|
||||||
|
@ -19,7 +18,7 @@ msgstr ""
|
||||||
"Content-Transfer-Encoding: 8bit\n"
|
"Content-Transfer-Encoding: 8bit\n"
|
||||||
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
|
"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
|
||||||
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
|
"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
|
||||||
"X-Generator: Weblate 5.8.2\n"
|
"X-Generator: Weblate 5.7\n"
|
||||||
|
|
||||||
#: src/core/org.freedesktop.systemd1.policy.in:22
|
#: src/core/org.freedesktop.systemd1.policy.in:22
|
||||||
msgid "Send passphrase back to system"
|
msgid "Send passphrase back to system"
|
||||||
|
@ -119,12 +118,14 @@ msgid "Authentication is required to update a user's home area."
|
||||||
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:53
|
#: src/home/org.freedesktop.home1.policy:53
|
||||||
|
#, fuzzy
|
||||||
msgid "Update your home area"
|
msgid "Update your home area"
|
||||||
msgstr "Оновлення домашньої області"
|
msgstr "Оновлення домашньої теки"
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:54
|
#: src/home/org.freedesktop.home1.policy:54
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to update your home area."
|
msgid "Authentication is required to update your home area."
|
||||||
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
|
msgstr "Для оновлення домашньої теки користувача слід пройти розпізнавання."
|
||||||
|
|
||||||
#: src/home/org.freedesktop.home1.policy:63
|
#: src/home/org.freedesktop.home1.policy:63
|
||||||
msgid "Resize a home area"
|
msgid "Resize a home area"
|
||||||
|
@ -1211,11 +1212,14 @@ msgstr "Для вилучення застарілих оновлень сист
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:75
|
||||||
msgid "Manage optional features"
|
msgid "Manage optional features"
|
||||||
msgstr "Керування додатковими функціями"
|
msgstr ""
|
||||||
|
|
||||||
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
|
||||||
|
#, fuzzy
|
||||||
msgid "Authentication is required to manage optional features"
|
msgid "Authentication is required to manage optional features"
|
||||||
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
|
msgstr ""
|
||||||
|
"Для того, щоб керувати сеансами, користувачами і робочими місцями, слід "
|
||||||
|
"пройти розпізнавання."
|
||||||
|
|
||||||
#: src/timedate/org.freedesktop.timedate1.policy:22
|
#: src/timedate/org.freedesktop.timedate1.policy:22
|
||||||
msgid "Set system time"
|
msgid "Set system time"
|
||||||
|
|
|
@ -38,12 +38,19 @@ __get_tpm2_devices() {
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
__get_block_devices() {
|
||||||
|
local i
|
||||||
|
for i in /dev/*; do
|
||||||
|
[ -b "$i" ] && printf '%s\n' "$i"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
_systemd_cryptenroll() {
|
_systemd_cryptenroll() {
|
||||||
local comps
|
local comps
|
||||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
||||||
local -A OPTS=(
|
local -A OPTS=(
|
||||||
[STANDALONE]='-h --help --version
|
[STANDALONE]='-h --help --version
|
||||||
--password --recovery-key --list-devices'
|
--password --recovery-key'
|
||||||
[ARG]='--unlock-key-file
|
[ARG]='--unlock-key-file
|
||||||
--unlock-fido2-device
|
--unlock-fido2-device
|
||||||
--unlock-tpm2-device
|
--unlock-tpm2-device
|
||||||
|
@ -109,7 +116,7 @@ _systemd_cryptenroll() {
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
comps=$(systemd-cryptenroll --list-devices)
|
comps=$(__get_block_devices)
|
||||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
|
@ -799,20 +799,16 @@ int cg_pid_get_path(const char *controller, pid_t pid, char **ret_path) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
_cleanup_free_ char *path = strdup(e + 1);
|
char *path = strdup(e + 1);
|
||||||
if (!path)
|
if (!path)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
/* Refuse cgroup paths from outside our cgroup namespace */
|
|
||||||
if (startswith(path, "/../"))
|
|
||||||
return -EUNATCH;
|
|
||||||
|
|
||||||
/* Truncate suffix indicating the process is a zombie */
|
/* Truncate suffix indicating the process is a zombie */
|
||||||
e = endswith(path, " (deleted)");
|
e = endswith(path, " (deleted)");
|
||||||
if (e)
|
if (e)
|
||||||
*e = 0;
|
*e = 0;
|
||||||
|
|
||||||
*ret_path = TAKE_PTR(path);
|
*ret_path = path;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -102,8 +102,8 @@ int pid_get_comm(pid_t pid, char **ret) {
|
||||||
_cleanup_free_ char *escaped = NULL, *comm = NULL;
|
_cleanup_free_ char *escaped = NULL, *comm = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(pid >= 0);
|
|
||||||
assert(ret);
|
assert(ret);
|
||||||
|
assert(pid >= 0);
|
||||||
|
|
||||||
if (pid == 0 || pid == getpid_cached()) {
|
if (pid == 0 || pid == getpid_cached()) {
|
||||||
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
|
comm = new0(char, TASK_COMM_LEN + 1); /* Must fit in 16 byte according to prctl(2) */
|
||||||
|
@ -143,9 +143,6 @@ int pidref_get_comm(const PidRef *pid, char **ret) {
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
r = pid_get_comm(pid->pid, &comm);
|
r = pid_get_comm(pid->pid, &comm);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -292,9 +289,6 @@ int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlag
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
|
r = pid_get_cmdline(pid->pid, max_columns, flags, &s);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -337,9 +331,6 @@ int pidref_get_cmdline_strv(const PidRef *pid, ProcessCmdlineFlags flags, char *
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
r = pid_get_cmdline_strv(pid->pid, flags, &args);
|
r = pid_get_cmdline_strv(pid->pid, flags, &args);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -486,9 +477,6 @@ int pidref_is_kernel_thread(const PidRef *pid) {
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
result = pid_is_kernel_thread(pid->pid);
|
result = pid_is_kernel_thread(pid->pid);
|
||||||
if (result < 0)
|
if (result < 0)
|
||||||
return result;
|
return result;
|
||||||
|
@ -606,9 +594,6 @@ int pidref_get_uid(const PidRef *pid, uid_t *ret) {
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
r = pid_get_uid(pid->pid, &uid);
|
r = pid_get_uid(pid->pid, &uid);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -809,9 +794,6 @@ int pidref_get_start_time(const PidRef *pid, usec_t *ret) {
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
r = pid_get_start_time(pid->pid, ret ? &t : NULL);
|
r = pid_get_start_time(pid->pid, ret ? &t : NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -1111,9 +1093,6 @@ int pidref_is_my_child(const PidRef *pid) {
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
result = pid_is_my_child(pid->pid);
|
result = pid_is_my_child(pid->pid);
|
||||||
if (result < 0)
|
if (result < 0)
|
||||||
return result;
|
return result;
|
||||||
|
@ -1149,9 +1128,6 @@ int pidref_is_unwaited(const PidRef *pid) {
|
||||||
if (!pidref_is_set(pid))
|
if (!pidref_is_set(pid))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pid))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
if (pid->pid == 1 || pidref_is_self(pid))
|
if (pid->pid == 1 || pidref_is_self(pid))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
@ -1193,9 +1169,6 @@ int pidref_is_alive(const PidRef *pidref) {
|
||||||
if (!pidref_is_set(pidref))
|
if (!pidref_is_set(pidref))
|
||||||
return -ESRCH;
|
return -ESRCH;
|
||||||
|
|
||||||
if (pidref_is_remote(pidref))
|
|
||||||
return -EREMOTE;
|
|
||||||
|
|
||||||
result = pid_is_alive(pidref->pid);
|
result = pid_is_alive(pidref->pid);
|
||||||
if (result < 0) {
|
if (result < 0) {
|
||||||
assert(result != -ESRCH);
|
assert(result != -ESRCH);
|
||||||
|
|
|
@ -220,9 +220,9 @@ static int synthesize_user_creds(
|
||||||
if (ret_gid)
|
if (ret_gid)
|
||||||
*ret_gid = GID_NOBODY;
|
*ret_gid = GID_NOBODY;
|
||||||
if (ret_home)
|
if (ret_home)
|
||||||
*ret_home = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : "/";
|
*ret_home = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : "/";
|
||||||
if (ret_shell)
|
if (ret_shell)
|
||||||
*ret_shell = FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) ? NULL : NOLOGIN;
|
*ret_shell = FLAGS_SET(flags, USER_CREDS_CLEAN) ? NULL : NOLOGIN;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -244,7 +244,6 @@ int get_user_creds(
|
||||||
|
|
||||||
assert(username);
|
assert(username);
|
||||||
assert(*username);
|
assert(*username);
|
||||||
assert((ret_home || ret_shell) || !(flags & (USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_CLEAN)));
|
|
||||||
|
|
||||||
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
|
if (!FLAGS_SET(flags, USER_CREDS_PREFER_NSS) ||
|
||||||
(!ret_home && !ret_shell)) {
|
(!ret_home && !ret_shell)) {
|
||||||
|
@ -316,14 +315,17 @@ int get_user_creds(
|
||||||
|
|
||||||
if (ret_home)
|
if (ret_home)
|
||||||
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
|
/* Note: we don't insist on normalized paths, since there are setups that have /./ in the path */
|
||||||
*ret_home = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && empty_or_root(p->pw_dir)) ||
|
*ret_home = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
|
||||||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_dir) || !path_is_absolute(p->pw_dir)))
|
(empty_or_root(p->pw_dir) ||
|
||||||
? NULL : p->pw_dir;
|
!path_is_valid(p->pw_dir) ||
|
||||||
|
!path_is_absolute(p->pw_dir))) ? NULL : p->pw_dir;
|
||||||
|
|
||||||
if (ret_shell)
|
if (ret_shell)
|
||||||
*ret_shell = (FLAGS_SET(flags, USER_CREDS_SUPPRESS_PLACEHOLDER) && shell_is_placeholder(p->pw_shell)) ||
|
*ret_shell = (FLAGS_SET(flags, USER_CREDS_CLEAN) &&
|
||||||
(FLAGS_SET(flags, USER_CREDS_CLEAN) && (!path_is_valid(p->pw_shell) || !path_is_absolute(p->pw_shell)))
|
(isempty(p->pw_shell) ||
|
||||||
? NULL : p->pw_shell;
|
!path_is_valid(p->pw_shell) ||
|
||||||
|
!path_is_absolute(p->pw_shell) ||
|
||||||
|
is_nologin_shell(p->pw_shell))) ? NULL : p->pw_shell;
|
||||||
|
|
||||||
if (patch_username)
|
if (patch_username)
|
||||||
*username = p->pw_name;
|
*username = p->pw_name;
|
||||||
|
|
|
@ -12,8 +12,6 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "string-util.h"
|
|
||||||
|
|
||||||
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
|
/* Users managed by systemd-homed. See https://systemd.io/UIDS-GIDS for details how this range fits into the rest of the world */
|
||||||
#define HOME_UID_MIN ((uid_t) 60001)
|
#define HOME_UID_MIN ((uid_t) 60001)
|
||||||
#define HOME_UID_MAX ((uid_t) 60513)
|
#define HOME_UID_MAX ((uid_t) 60513)
|
||||||
|
@ -38,20 +36,10 @@ static inline int parse_gid(const char *s, gid_t *ret_gid) {
|
||||||
char* getlogname_malloc(void);
|
char* getlogname_malloc(void);
|
||||||
char* getusername_malloc(void);
|
char* getusername_malloc(void);
|
||||||
|
|
||||||
const char* default_root_shell_at(int rfd);
|
|
||||||
const char* default_root_shell(const char *root);
|
|
||||||
|
|
||||||
bool is_nologin_shell(const char *shell);
|
|
||||||
|
|
||||||
static inline bool shell_is_placeholder(const char *shell) {
|
|
||||||
return isempty(shell) || is_nologin_shell(shell);
|
|
||||||
}
|
|
||||||
|
|
||||||
typedef enum UserCredsFlags {
|
typedef enum UserCredsFlags {
|
||||||
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
|
USER_CREDS_PREFER_NSS = 1 << 0, /* if set, only synthesize user records if database lacks them. Normally we bypass the userdb entirely for the records we can synthesize */
|
||||||
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
|
USER_CREDS_ALLOW_MISSING = 1 << 1, /* if a numeric UID string is resolved, be OK if there's no record for it */
|
||||||
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
|
USER_CREDS_CLEAN = 1 << 2, /* try to clean up shell and home fields with invalid data */
|
||||||
USER_CREDS_SUPPRESS_PLACEHOLDER = 1 << 3, /* suppress home and/or shell fields if value is placeholder (root/empty/nologin) */
|
|
||||||
} UserCredsFlags;
|
} UserCredsFlags;
|
||||||
|
|
||||||
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
|
int get_user_creds(const char **username, uid_t *ret_uid, gid_t *ret_gid, const char **ret_home, const char **ret_shell, UserCredsFlags flags);
|
||||||
|
@ -137,6 +125,10 @@ int fgetsgent_sane(FILE *stream, struct sgrp **sg);
|
||||||
int putsgent_sane(const struct sgrp *sg, FILE *stream);
|
int putsgent_sane(const struct sgrp *sg, FILE *stream);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
bool is_nologin_shell(const char *shell);
|
||||||
|
const char* default_root_shell_at(int rfd);
|
||||||
|
const char* default_root_shell(const char *root);
|
||||||
|
|
||||||
int is_this_me(const char *username);
|
int is_this_me(const char *username);
|
||||||
|
|
||||||
const char* get_home_root(void);
|
const char* get_home_root(void);
|
||||||
|
|
|
@ -855,6 +855,9 @@ static int get_fixed_user(
|
||||||
assert(user_or_uid);
|
assert(user_or_uid);
|
||||||
assert(ret_username);
|
assert(ret_username);
|
||||||
|
|
||||||
|
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
|
||||||
|
* (i.e. are "/" or "/bin/nologin"). */
|
||||||
|
|
||||||
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
|
r = get_user_creds(&user_or_uid, ret_uid, ret_gid, ret_home, ret_shell, USER_CREDS_CLEAN);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -1880,10 +1883,7 @@ static int build_environment(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Note that we don't set $HOME or $SHELL if they are not particularly enlightening anyway
|
if (home && set_user_login_env) {
|
||||||
* (i.e. are "/" or "/bin/nologin"). */
|
|
||||||
|
|
||||||
if (home && set_user_login_env && !empty_or_root(home)) {
|
|
||||||
x = strjoin("HOME=", home);
|
x = strjoin("HOME=", home);
|
||||||
if (!x)
|
if (!x)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
@ -1892,7 +1892,7 @@ static int build_environment(
|
||||||
our_env[n_env++] = x;
|
our_env[n_env++] = x;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (shell && set_user_login_env && !shell_is_placeholder(shell)) {
|
if (shell && set_user_login_env) {
|
||||||
x = strjoin("SHELL=", shell);
|
x = strjoin("SHELL=", shell);
|
||||||
if (!x)
|
if (!x)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
@ -3471,16 +3471,20 @@ static int apply_working_directory(
|
||||||
const ExecContext *context,
|
const ExecContext *context,
|
||||||
const ExecParameters *params,
|
const ExecParameters *params,
|
||||||
ExecRuntime *runtime,
|
ExecRuntime *runtime,
|
||||||
const char *home) {
|
const char *home,
|
||||||
|
int *exit_status) {
|
||||||
|
|
||||||
const char *wd;
|
const char *wd;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(context);
|
assert(context);
|
||||||
|
assert(exit_status);
|
||||||
|
|
||||||
if (context->working_directory_home) {
|
if (context->working_directory_home) {
|
||||||
if (!home)
|
if (!home) {
|
||||||
|
*exit_status = EXIT_CHDIR;
|
||||||
return -ENXIO;
|
return -ENXIO;
|
||||||
|
}
|
||||||
|
|
||||||
wd = home;
|
wd = home;
|
||||||
} else
|
} else
|
||||||
|
@ -3499,7 +3503,13 @@ static int apply_working_directory(
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
r = RET_NERRNO(fchdir(dfd));
|
r = RET_NERRNO(fchdir(dfd));
|
||||||
}
|
}
|
||||||
return context->working_directory_missing_ok ? 0 : r;
|
|
||||||
|
if (r < 0 && !context->working_directory_missing_ok) {
|
||||||
|
*exit_status = EXIT_CHDIR;
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int apply_root_directory(
|
static int apply_root_directory(
|
||||||
|
@ -3775,7 +3785,7 @@ static int acquire_home(const ExecContext *c, const char **home, char **ret_buf)
|
||||||
if (!c->working_directory_home)
|
if (!c->working_directory_home)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (c->dynamic_user || (c->user && is_this_me(c->user) <= 0))
|
if (c->dynamic_user)
|
||||||
return -EADDRNOTAVAIL;
|
return -EADDRNOTAVAIL;
|
||||||
|
|
||||||
r = get_home_dir(ret_buf);
|
r = get_home_dir(ret_buf);
|
||||||
|
@ -4533,7 +4543,7 @@ int exec_invoke(
|
||||||
r = acquire_home(context, &home, &home_buffer);
|
r = acquire_home(context, &home, &home_buffer);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
*exit_status = EXIT_CHDIR;
|
*exit_status = EXIT_CHDIR;
|
||||||
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for the invoking user: %m");
|
return log_exec_error_errno(context, params, r, "Failed to determine $HOME for user: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
|
/* If a socket is connected to STDIN/STDOUT/STDERR, we must drop O_NONBLOCK */
|
||||||
|
@ -5372,11 +5382,9 @@ int exec_invoke(
|
||||||
* running this service might have the correct privilege to change to the working directory. Also, it
|
* running this service might have the correct privilege to change to the working directory. Also, it
|
||||||
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
|
* is absolutely 💣 crucial 💣 we applied all mount namespacing rearrangements before this, so that
|
||||||
* the cwd cannot be used to pin directories outside of the sandbox. */
|
* the cwd cannot be used to pin directories outside of the sandbox. */
|
||||||
r = apply_working_directory(context, params, runtime, home);
|
r = apply_working_directory(context, params, runtime, home, exit_status);
|
||||||
if (r < 0) {
|
if (r < 0)
|
||||||
*exit_status = EXIT_CHDIR;
|
|
||||||
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
|
return log_exec_error_errno(context, params, r, "Changing to the requested working directory failed: %m");
|
||||||
}
|
|
||||||
|
|
||||||
if (needs_sandboxing) {
|
if (needs_sandboxing) {
|
||||||
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to
|
/* Apply other MAC contexts late, but before seccomp syscall filtering, as those should really be last to
|
||||||
|
|
|
@ -3426,12 +3426,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
|
r = service_add_fd_store(s, fd, fdn, do_poll);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_unit_debug_errno(u, r,
|
log_unit_debug_errno(u, r,
|
||||||
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TAKE_FD(fd);
|
||||||
} else if (streq(key, "extra-fd")) {
|
} else if (streq(key, "extra-fd")) {
|
||||||
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
||||||
_cleanup_close_ int fd = -EBADF;
|
_cleanup_close_ int fd = -EBADF;
|
||||||
|
|
|
@ -193,7 +193,7 @@ int enroll_fido2(
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
|
|
||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"\nPlease save this FIDO2 credential ID. It is required when unlocking the volume\n"
|
"\nPlease save this FIDO2 credential ID. It is required when unloocking the volume\n"
|
||||||
"using the associated FIDO2 keyslot which we just created. To configure automatic\n"
|
"using the associated FIDO2 keyslot which we just created. To configure automatic\n"
|
||||||
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
|
"unlocking using this FIDO2 token, add an appropriate entry to your /etc/crypttab\n"
|
||||||
"file, see %s for details.\n", link);
|
"file, see %s for details.\n", link);
|
||||||
|
|
|
@ -427,9 +427,6 @@ int wipe_slots(struct crypt_device *cd,
|
||||||
for (size_t i = n_ordered_slots; i > 0; i--) {
|
for (size_t i = n_ordered_slots; i > 0; i--) {
|
||||||
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
|
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
if (r == -ENOENT)
|
|
||||||
log_warning_errno(r, "Failed to wipe non-existent slot %i, continuing.", ordered_slots[i - 1]);
|
|
||||||
else
|
|
||||||
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
|
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = r;
|
ret = r;
|
||||||
|
|
|
@ -193,7 +193,7 @@ static int help(void) {
|
||||||
"\n%3$sSimple Enrollment:%4$s\n"
|
"\n%3$sSimple Enrollment:%4$s\n"
|
||||||
" --password Enroll a user-supplied password\n"
|
" --password Enroll a user-supplied password\n"
|
||||||
" --recovery-key Enroll a recovery key\n"
|
" --recovery-key Enroll a recovery key\n"
|
||||||
"\n%3$sPKCS#11 Enrollment:%4$s\n"
|
"\n%3$sPKCS11 Enrollment:%4$s\n"
|
||||||
" --pkcs11-token-uri=URI\n"
|
" --pkcs11-token-uri=URI\n"
|
||||||
" Specify PKCS#11 security token URI\n"
|
" Specify PKCS#11 security token URI\n"
|
||||||
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
||||||
|
|
|
@ -750,7 +750,7 @@ static int ndisc_option_parse_route(Set **options, size_t offset, size_t len, co
|
||||||
usec_t lifetime = unaligned_be32_sec_to_usec(opt + 4, /* max_as_infinity = */ true);
|
usec_t lifetime = unaligned_be32_sec_to_usec(opt + 4, /* max_as_infinity = */ true);
|
||||||
|
|
||||||
struct in6_addr prefix;
|
struct in6_addr prefix;
|
||||||
memcpy_safe(&prefix, opt + 8, len - 8);
|
memcpy(&prefix, opt + 8, len - 8);
|
||||||
in6_addr_mask(&prefix, prefixlen);
|
in6_addr_mask(&prefix, prefixlen);
|
||||||
|
|
||||||
return ndisc_option_add_route(options, offset, preference, prefixlen, &prefix, lifetime);
|
return ndisc_option_add_route(options, offset, preference, prefixlen, &prefix, lifetime);
|
||||||
|
|
|
@ -1033,14 +1033,12 @@ global:
|
||||||
sd_varlink_server_listen_fd;
|
sd_varlink_server_listen_fd;
|
||||||
sd_varlink_server_loop_auto;
|
sd_varlink_server_loop_auto;
|
||||||
sd_varlink_server_new;
|
sd_varlink_server_new;
|
||||||
sd_varlink_server_ref;
|
|
||||||
sd_varlink_server_set_connections_max;
|
sd_varlink_server_set_connections_max;
|
||||||
sd_varlink_server_set_connections_per_uid_max;
|
sd_varlink_server_set_connections_per_uid_max;
|
||||||
sd_varlink_server_set_description;
|
sd_varlink_server_set_description;
|
||||||
sd_varlink_server_set_exit_on_idle;
|
sd_varlink_server_set_exit_on_idle;
|
||||||
sd_varlink_server_set_userdata;
|
sd_varlink_server_set_userdata;
|
||||||
sd_varlink_server_shutdown;
|
sd_varlink_server_shutdown;
|
||||||
sd_varlink_server_unref;
|
|
||||||
sd_varlink_set_allow_fd_passing_input;
|
sd_varlink_set_allow_fd_passing_input;
|
||||||
sd_varlink_set_allow_fd_passing_output;
|
sd_varlink_set_allow_fd_passing_output;
|
||||||
sd_varlink_set_description;
|
sd_varlink_set_description;
|
||||||
|
|
|
@ -3265,7 +3265,7 @@ static sd_varlink_server* varlink_server_destroy(sd_varlink_server *s) {
|
||||||
return mfree(s);
|
return mfree(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
DEFINE_PUBLIC_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
|
DEFINE_TRIVIAL_REF_UNREF_FUNC(sd_varlink_server, sd_varlink_server, varlink_server_destroy);
|
||||||
|
|
||||||
static int validate_connection(sd_varlink_server *server, const struct ucred *ucred) {
|
static int validate_connection(sd_varlink_server *server, const struct ucred *ucred) {
|
||||||
int allowed = -1;
|
int allowed = -1;
|
||||||
|
|
|
@ -16,7 +16,7 @@ int varlink_get_peer_pidref(sd_varlink *v, PidRef *ret) {
|
||||||
|
|
||||||
int pidfd = sd_varlink_get_peer_pidfd(v);
|
int pidfd = sd_varlink_get_peer_pidfd(v);
|
||||||
if (pidfd < 0) {
|
if (pidfd < 0) {
|
||||||
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd) && pidfd != -EINVAL)
|
if (!ERRNO_IS_NEG_NOT_SUPPORTED(pidfd))
|
||||||
return pidfd;
|
return pidfd;
|
||||||
|
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
|
@ -642,7 +642,7 @@ static bool netdev_can_set_mac(NetDev *netdev, const struct hw_addr_data *hw_add
|
||||||
if (hw_addr_equal(&link->hw_addr, hw_addr))
|
if (hw_addr_equal(&link->hw_addr, hw_addr))
|
||||||
return false; /* Unchanged, not necessary to set. */
|
return false; /* Unchanged, not necessary to set. */
|
||||||
|
|
||||||
/* Some netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan.
|
/* Soem netdevs refuse to update MAC address even if the interface is not running, e.g. ipvlan.
|
||||||
* Some other netdevs have the IFF_LIVE_ADDR_CHANGE flag and can update update MAC address even if
|
* Some other netdevs have the IFF_LIVE_ADDR_CHANGE flag and can update update MAC address even if
|
||||||
* the interface is running, e.g. dummy. For those cases, use custom checkers. */
|
* the interface is running, e.g. dummy. For those cases, use custom checkers. */
|
||||||
if (NETDEV_VTABLE(netdev)->can_set_mac)
|
if (NETDEV_VTABLE(netdev)->can_set_mac)
|
||||||
|
|
|
@ -1443,7 +1443,6 @@ int link_reconfigure_impl(Link *link, LinkReconfigurationFlag flags) {
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef struct LinkReconfigurationData {
|
typedef struct LinkReconfigurationData {
|
||||||
Manager *manager;
|
|
||||||
Link *link;
|
Link *link;
|
||||||
LinkReconfigurationFlag flags;
|
LinkReconfigurationFlag flags;
|
||||||
sd_bus_message *message;
|
sd_bus_message *message;
|
||||||
|
@ -1474,12 +1473,6 @@ static void link_reconfiguration_data_destroy_callback(LinkReconfigurationData *
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!data->counter || *data->counter <= 0) {
|
if (!data->counter || *data->counter <= 0) {
|
||||||
/* Update the state files before replying the bus method. Otherwise,
|
|
||||||
* systemd-networkd-wait-online following networkctl reload/reconfigure may read an
|
|
||||||
* outdated state file and wrongly handle an interface is already in the configured
|
|
||||||
* state. */
|
|
||||||
(void) manager_clean_all(data->manager);
|
|
||||||
|
|
||||||
r = sd_bus_reply_method_return(data->message, NULL);
|
r = sd_bus_reply_method_return(data->message, NULL);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m");
|
log_warning_errno(r, "Failed to reply for DBus method, ignoring: %m");
|
||||||
|
@ -1528,7 +1521,6 @@ int link_reconfigure_full(Link *link, LinkReconfigurationFlag flags, sd_bus_mess
|
||||||
}
|
}
|
||||||
|
|
||||||
*data = (LinkReconfigurationData) {
|
*data = (LinkReconfigurationData) {
|
||||||
.manager = link->manager,
|
|
||||||
.link = link_ref(link),
|
.link = link_ref(link),
|
||||||
.flags = flags,
|
.flags = flags,
|
||||||
.message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */
|
.message = sd_bus_message_ref(message), /* message may be NULL, but _ref() works fine. */
|
||||||
|
|
|
@ -1610,7 +1610,7 @@ static int ndisc_router_process_onlink_prefix(Link *link, sd_ndisc_router *rt) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt) {
|
||||||
uint8_t flags, prefixlen;
|
uint8_t flags, prefixlen;
|
||||||
struct in6_addr a;
|
struct in6_addr a;
|
||||||
int r;
|
int r;
|
||||||
|
@ -1619,14 +1619,6 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zer
|
||||||
assert(link->network);
|
assert(link->network);
|
||||||
assert(rt);
|
assert(rt);
|
||||||
|
|
||||||
usec_t lifetime_usec;
|
|
||||||
r = sd_ndisc_router_prefix_get_valid_lifetime(rt, &lifetime_usec);
|
|
||||||
if (r < 0)
|
|
||||||
return log_link_warning_errno(link, r, "Failed to get prefix lifetime: %m");
|
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
r = sd_ndisc_router_prefix_get_address(rt, &a);
|
r = sd_ndisc_router_prefix_get_address(rt, &a);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
|
return log_link_warning_errno(link, r, "Failed to get prefix address: %m");
|
||||||
|
@ -1672,7 +1664,7 @@ static int ndisc_router_process_prefix(Link *link, sd_ndisc_router *rt, bool zer
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
|
||||||
_cleanup_(route_unrefp) Route *route = NULL;
|
_cleanup_(route_unrefp) Route *route = NULL;
|
||||||
uint8_t preference, prefixlen;
|
uint8_t preference, prefixlen;
|
||||||
struct in6_addr gateway, dst;
|
struct in6_addr gateway, dst;
|
||||||
|
@ -1688,9 +1680,6 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get route lifetime from RA: %m");
|
return log_link_warning_errno(link, r, "Failed to get route lifetime from RA: %m");
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
r = sd_ndisc_router_route_get_address(rt, &dst);
|
r = sd_ndisc_router_route_get_address(rt, &dst);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get route destination address: %m");
|
return log_link_warning_errno(link, r, "Failed to get route destination address: %m");
|
||||||
|
@ -1723,6 +1712,10 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt, bool zero
|
||||||
}
|
}
|
||||||
|
|
||||||
r = sd_ndisc_router_route_get_preference(rt, &preference);
|
r = sd_ndisc_router_route_get_preference(rt, &preference);
|
||||||
|
if (r == -EOPNOTSUPP) {
|
||||||
|
log_link_debug_errno(link, r, "Received route prefix with unsupported preference, ignoring: %m");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
|
return log_link_warning_errno(link, r, "Failed to get router preference from RA: %m");
|
||||||
|
|
||||||
|
@ -1766,7 +1759,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
|
||||||
ndisc_rdnss_compare_func,
|
ndisc_rdnss_compare_func,
|
||||||
free);
|
free);
|
||||||
|
|
||||||
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt) {
|
||||||
usec_t lifetime_usec;
|
usec_t lifetime_usec;
|
||||||
const struct in6_addr *a;
|
const struct in6_addr *a;
|
||||||
struct in6_addr router;
|
struct in6_addr router;
|
||||||
|
@ -1788,9 +1781,6 @@ static int ndisc_router_process_rdnss(Link *link, sd_ndisc_router *rt, bool zero
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
|
return log_link_warning_errno(link, r, "Failed to get RDNSS lifetime: %m");
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
|
n = sd_ndisc_router_rdnss_get_addresses(rt, &a);
|
||||||
if (n < 0)
|
if (n < 0)
|
||||||
return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
|
return log_link_warning_errno(link, n, "Failed to get RDNSS addresses: %m");
|
||||||
|
@ -1861,7 +1851,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
|
||||||
ndisc_dnssl_compare_func,
|
ndisc_dnssl_compare_func,
|
||||||
free);
|
free);
|
||||||
|
|
||||||
static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt) {
|
||||||
char **l;
|
char **l;
|
||||||
usec_t lifetime_usec;
|
usec_t lifetime_usec;
|
||||||
struct in6_addr router;
|
struct in6_addr router;
|
||||||
|
@ -1883,9 +1873,6 @@ static int ndisc_router_process_dnssl(Link *link, sd_ndisc_router *rt, bool zero
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get DNSSL lifetime: %m");
|
return log_link_warning_errno(link, r, "Failed to get DNSSL lifetime: %m");
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
r = sd_ndisc_router_dnssl_get_domains(rt, &l);
|
r = sd_ndisc_router_dnssl_get_domains(rt, &l);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get DNSSL addresses: %m");
|
return log_link_warning_errno(link, r, "Failed to get DNSSL addresses: %m");
|
||||||
|
@ -1966,7 +1953,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
|
||||||
ndisc_captive_portal_compare_func,
|
ndisc_captive_portal_compare_func,
|
||||||
ndisc_captive_portal_free);
|
ndisc_captive_portal_free);
|
||||||
|
|
||||||
static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt) {
|
||||||
_cleanup_(ndisc_captive_portal_freep) NDiscCaptivePortal *new_entry = NULL;
|
_cleanup_(ndisc_captive_portal_freep) NDiscCaptivePortal *new_entry = NULL;
|
||||||
_cleanup_free_ char *captive_portal = NULL;
|
_cleanup_free_ char *captive_portal = NULL;
|
||||||
const char *uri;
|
const char *uri;
|
||||||
|
@ -1993,9 +1980,6 @@ static int ndisc_router_process_captive_portal(Link *link, sd_ndisc_router *rt,
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
|
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
r = sd_ndisc_router_get_captive_portal(rt, &uri);
|
r = sd_ndisc_router_get_captive_portal(rt, &uri);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get captive portal from RA: %m");
|
return log_link_warning_errno(link, r, "Failed to get captive portal from RA: %m");
|
||||||
|
@ -2084,7 +2068,7 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(
|
||||||
ndisc_pref64_compare_func,
|
ndisc_pref64_compare_func,
|
||||||
mfree);
|
mfree);
|
||||||
|
|
||||||
static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt) {
|
||||||
_cleanup_free_ NDiscPREF64 *new_entry = NULL;
|
_cleanup_free_ NDiscPREF64 *new_entry = NULL;
|
||||||
usec_t lifetime_usec;
|
usec_t lifetime_usec;
|
||||||
struct in6_addr a, router;
|
struct in6_addr a, router;
|
||||||
|
@ -2115,9 +2099,6 @@ static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt, bool zer
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get pref64 prefix lifetime: %m");
|
return log_link_warning_errno(link, r, "Failed to get pref64 prefix lifetime: %m");
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (lifetime_usec == 0) {
|
if (lifetime_usec == 0) {
|
||||||
free(set_remove(link->ndisc_pref64,
|
free(set_remove(link->ndisc_pref64,
|
||||||
&(NDiscPREF64) {
|
&(NDiscPREF64) {
|
||||||
|
@ -2236,7 +2217,7 @@ static int sd_dns_resolver_copy(const sd_dns_resolver *a, sd_dns_resolver *b) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(link);
|
assert(link);
|
||||||
|
@ -2259,9 +2240,6 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, b
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
|
return log_link_warning_errno(link, r, "Failed to get lifetime of RA message: %m");
|
||||||
|
|
||||||
if ((lifetime_usec == 0) != zero_lifetime)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
r = sd_ndisc_router_encrypted_dns_get_resolver(rt, &res);
|
r = sd_ndisc_router_encrypted_dns_get_resolver(rt, &res);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_link_warning_errno(link, r, "Failed to get encrypted dns resolvers: %m");
|
return log_link_warning_errno(link, r, "Failed to get encrypted dns resolvers: %m");
|
||||||
|
@ -2314,7 +2292,7 @@ static int ndisc_router_process_encrypted_dns(Link *link, sd_ndisc_router *rt, b
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool zero_lifetime) {
|
static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt) {
|
||||||
size_t n_captive_portal = 0;
|
size_t n_captive_portal = 0;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
|
@ -2336,19 +2314,19 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool ze
|
||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case SD_NDISC_OPTION_PREFIX_INFORMATION:
|
case SD_NDISC_OPTION_PREFIX_INFORMATION:
|
||||||
r = ndisc_router_process_prefix(link, rt, zero_lifetime);
|
r = ndisc_router_process_prefix(link, rt);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_NDISC_OPTION_ROUTE_INFORMATION:
|
case SD_NDISC_OPTION_ROUTE_INFORMATION:
|
||||||
r = ndisc_router_process_route(link, rt, zero_lifetime);
|
r = ndisc_router_process_route(link, rt);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_NDISC_OPTION_RDNSS:
|
case SD_NDISC_OPTION_RDNSS:
|
||||||
r = ndisc_router_process_rdnss(link, rt, zero_lifetime);
|
r = ndisc_router_process_rdnss(link, rt);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case SD_NDISC_OPTION_DNSSL:
|
case SD_NDISC_OPTION_DNSSL:
|
||||||
r = ndisc_router_process_dnssl(link, rt, zero_lifetime);
|
r = ndisc_router_process_dnssl(link, rt);
|
||||||
break;
|
break;
|
||||||
case SD_NDISC_OPTION_CAPTIVE_PORTAL:
|
case SD_NDISC_OPTION_CAPTIVE_PORTAL:
|
||||||
if (n_captive_portal > 0) {
|
if (n_captive_portal > 0) {
|
||||||
|
@ -2358,15 +2336,15 @@ static int ndisc_router_process_options(Link *link, sd_ndisc_router *rt, bool ze
|
||||||
n_captive_portal++;
|
n_captive_portal++;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
r = ndisc_router_process_captive_portal(link, rt, zero_lifetime);
|
r = ndisc_router_process_captive_portal(link, rt);
|
||||||
if (r > 0)
|
if (r > 0)
|
||||||
n_captive_portal++;
|
n_captive_portal++;
|
||||||
break;
|
break;
|
||||||
case SD_NDISC_OPTION_PREF64:
|
case SD_NDISC_OPTION_PREF64:
|
||||||
r = ndisc_router_process_pref64(link, rt, zero_lifetime);
|
r = ndisc_router_process_pref64(link, rt);
|
||||||
break;
|
break;
|
||||||
case SD_NDISC_OPTION_ENCRYPTED_DNS:
|
case SD_NDISC_OPTION_ENCRYPTED_DNS:
|
||||||
r = ndisc_router_process_encrypted_dns(link, rt, zero_lifetime);
|
r = ndisc_router_process_encrypted_dns(link, rt);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (r < 0 && r != -EBADMSG)
|
if (r < 0 && r != -EBADMSG)
|
||||||
|
@ -2674,6 +2652,10 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
r = ndisc_router_process_default(link, rt);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
r = ndisc_router_process_reachable_time(link, rt);
|
r = ndisc_router_process_reachable_time(link, rt);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
@ -2690,15 +2672,7 @@ static int ndisc_router_handler(Link *link, sd_ndisc_router *rt) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ true);
|
r = ndisc_router_process_options(link, rt);
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
r = ndisc_router_process_default(link, rt);
|
|
||||||
if (r < 0)
|
|
||||||
return r;
|
|
||||||
|
|
||||||
r = ndisc_router_process_options(link, rt, /* zero_lifetime = */ false);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,6 @@ static int add_syscall_filters(
|
||||||
{ CAP_IPC_LOCK, "@memlock" },
|
{ CAP_IPC_LOCK, "@memlock" },
|
||||||
|
|
||||||
/* Plus a good set of additional syscalls which are not part of any of the groups above */
|
/* Plus a good set of additional syscalls which are not part of any of the groups above */
|
||||||
{ 0, "arm_fadvise64_64" },
|
|
||||||
{ 0, "brk" },
|
{ 0, "brk" },
|
||||||
{ 0, "capget" },
|
{ 0, "capget" },
|
||||||
{ 0, "capset" },
|
{ 0, "capset" },
|
||||||
|
|
|
@ -2297,8 +2297,7 @@ static int start_transient_scope(sd_bus *bus) {
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
|
||||||
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell,
|
r = get_user_creds(&arg_exec_user, &uid, &gid, &home, &shell, USER_CREDS_CLEAN|USER_CREDS_PREFER_NSS);
|
||||||
USER_CREDS_CLEAN|USER_CREDS_SUPPRESS_PLACEHOLDER|USER_CREDS_PREFER_NSS);
|
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
|
return log_error_errno(r, "Failed to resolve user %s: %m", arg_exec_user);
|
||||||
|
|
||||||
|
|
|
@ -46,17 +46,13 @@ static bool argv_has_at(pid_t pid) {
|
||||||
return c == '@';
|
return c == '@';
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool is_in_survivor_cgroup(const PidRef *pid) {
|
static bool is_survivor_cgroup(const PidRef *pid) {
|
||||||
_cleanup_free_ char *cgroup_path = NULL;
|
_cleanup_free_ char *cgroup_path = NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(pidref_is_set(pid));
|
assert(pidref_is_set(pid));
|
||||||
|
|
||||||
r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
|
r = cg_pidref_get_path(/* root= */ NULL, pid, &cgroup_path);
|
||||||
if (r == -EUNATCH) {
|
|
||||||
log_warning_errno(r, "Process " PID_FMT " appears to originate in foreign namespace, ignoring.", pid->pid);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
|
log_warning_errno(r, "Failed to get cgroup path of process " PID_FMT ", ignoring: %m", pid->pid);
|
||||||
return false;
|
return false;
|
||||||
|
@ -90,7 +86,7 @@ static bool ignore_proc(const PidRef *pid, bool warn_rootfs) {
|
||||||
return true; /* also ignore processes where we can't determine this */
|
return true; /* also ignore processes where we can't determine this */
|
||||||
|
|
||||||
/* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
|
/* Ignore processes that are part of a cgroup marked with the user.survive_final_kill_signal xattr */
|
||||||
if (is_in_survivor_cgroup(pid))
|
if (is_survivor_cgroup(pid))
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
r = pidref_get_uid(pid, &uid);
|
r = pidref_get_uid(pid, &uid);
|
||||||
|
|
|
@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
|
||||||
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
||||||
|
|
||||||
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
||||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
|
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
|
||||||
|
|
||||||
/* Default to PCR 7 only */
|
/* Default to PCR 7 only */
|
||||||
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
||||||
|
|
|
@ -28,28 +28,21 @@ const char* user_record_state_color(const char *state) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void dump_self_modifiable(
|
static void dump_self_modifiable(const char *heading, char **field, const char **value) {
|
||||||
const char *heading,
|
|
||||||
char **field,
|
|
||||||
const char **value) {
|
|
||||||
|
|
||||||
assert(heading);
|
assert(heading);
|
||||||
|
|
||||||
/* Helper function for printing the various self_modifiable_* fields from the user record */
|
/* Helper function for printing the various self_modifiable_* fields from the user record */
|
||||||
|
|
||||||
if (!value)
|
if (strv_isempty((char**) value))
|
||||||
/* Case 1: no value is set and no default either */
|
/* Case 1: the array is explicitly set to be empty by the administrator */
|
||||||
printf("%13s %snone%s\n", heading, ansi_highlight(), ansi_normal());
|
printf("%13s %sDisabled by Administrator%s\n", heading, ansi_highlight_red(), ansi_normal());
|
||||||
else if (strv_isempty((char**) value))
|
|
||||||
/* Case 2: the array is explicitly set to empty by the administrator */
|
|
||||||
printf("%13s %sdisabled by administrator%s\n", heading, ansi_highlight_red(), ansi_normal());
|
|
||||||
else if (!field)
|
else if (!field)
|
||||||
/* Case 3: we have values, but the field is NULL. This means that we're using the defaults.
|
/* Case 2: we have values, but the field is NULL. This means that we're using the defaults.
|
||||||
* We list them anyways, because they're security-sensitive to the administrator */
|
* We list them anyways, because they're security-sensitive to the administrator */
|
||||||
STRV_FOREACH(i, value)
|
STRV_FOREACH(i, value)
|
||||||
printf("%13s %s%s%s\n", i == value ? heading : "", ansi_grey(), *i, ansi_normal());
|
printf("%13s %s%s%s\n", i == value ? heading : "", ansi_grey(), *i, ansi_normal());
|
||||||
else
|
else
|
||||||
/* Case 4: we have a list provided by the administrator */
|
/* Case 3: we have a list provided by the administrator */
|
||||||
STRV_FOREACH(i, value)
|
STRV_FOREACH(i, value)
|
||||||
printf("%13s %s\n", i == value ? heading : "", *i);
|
printf("%13s %s\n", i == value ? heading : "", *i);
|
||||||
}
|
}
|
||||||
|
|
|
@ -2165,15 +2165,8 @@ const char** user_record_self_modifiable_fields(UserRecord *h) {
|
||||||
|
|
||||||
assert(h);
|
assert(h);
|
||||||
|
|
||||||
/* Note: if the self_modifiable_fields field in UserRecord is NULL we'll apply a default, if we have
|
|
||||||
* one. If it is a non-NULL empty strv, we'll report it as explicit empty list. When the field is
|
|
||||||
* NULL and we have no default list we'll return NULL. */
|
|
||||||
|
|
||||||
/* Note that we intentionally distinguish between NULL and an empty array here */
|
/* Note that we intentionally distinguish between NULL and an empty array here */
|
||||||
if (h->self_modifiable_fields)
|
return (const char**) h->self_modifiable_fields ?: (const char**) default_fields;
|
||||||
return (const char**) h->self_modifiable_fields;
|
|
||||||
|
|
||||||
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const char** user_record_self_modifiable_blobs(UserRecord *h) {
|
const char** user_record_self_modifiable_blobs(UserRecord *h) {
|
||||||
|
@ -2187,10 +2180,7 @@ const char** user_record_self_modifiable_blobs(UserRecord *h) {
|
||||||
assert(h);
|
assert(h);
|
||||||
|
|
||||||
/* Note that we intentionally distinguish between NULL and an empty array here */
|
/* Note that we intentionally distinguish between NULL and an empty array here */
|
||||||
if (h->self_modifiable_blobs)
|
return (const char**) h->self_modifiable_blobs ?: (const char**) default_blobs;
|
||||||
return (const char**) h->self_modifiable_blobs;
|
|
||||||
|
|
||||||
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_blobs : NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const char** user_record_self_modifiable_privileged(UserRecord *h) {
|
const char** user_record_self_modifiable_privileged(UserRecord *h) {
|
||||||
|
@ -2211,10 +2201,7 @@ const char** user_record_self_modifiable_privileged(UserRecord *h) {
|
||||||
assert(h);
|
assert(h);
|
||||||
|
|
||||||
/* Note that we intentionally distinguish between NULL and an empty array here */
|
/* Note that we intentionally distinguish between NULL and an empty array here */
|
||||||
if (h->self_modifiable_privileged)
|
return (const char**) h->self_modifiable_privileged ?: (const char**) default_fields;
|
||||||
return (const char**) h->self_modifiable_privileged;
|
|
||||||
|
|
||||||
return user_record_disposition(h) == USER_REGULAR ? (const char**) default_fields : NULL;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) {
|
static int remove_self_modifiable_json_fields_common(UserRecord *current, sd_json_variant **target) {
|
||||||
|
|
|
@ -245,7 +245,7 @@ static int add_vsock_socket(
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
log_debug("Binding SSH to AF_VSOCK vsock::22.\n"
|
log_info("Binding SSH to AF_VSOCK vsock::22.\n"
|
||||||
"→ connect via 'ssh vsock/%u' from host", local_cid);
|
"→ connect via 'ssh vsock/%u' from host", local_cid);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -280,7 +280,7 @@ static int add_local_unix_socket(
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
log_debug("Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.\n"
|
log_info("Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket.\n"
|
||||||
"→ connect via 'ssh .host' locally");
|
"→ connect via 'ssh .host' locally");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -336,7 +336,7 @@ static int add_export_unix_socket(
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
log_debug("Binding SSH to AF_UNIX socket /run/host/unix-export/ssh\n"
|
log_info("Binding SSH to AF_UNIX socket /run/host/unix-export/ssh\n"
|
||||||
"→ connect via 'ssh unix/run/systemd/nspawn/unix-export/\?\?\?/ssh' from host");
|
"→ connect via 'ssh unix/run/systemd/nspawn/unix-export/\?\?\?/ssh' from host");
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -387,7 +387,7 @@ static int add_extra_sockets(
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return r;
|
return r;
|
||||||
|
|
||||||
log_debug("Binding SSH to socket %s.", *i);
|
log_info("Binding SSH to socket %s.", *i);
|
||||||
n++;
|
n++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -462,7 +462,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late)
|
||||||
_cleanup_free_ char *sshd_binary = NULL;
|
_cleanup_free_ char *sshd_binary = NULL;
|
||||||
r = find_executable("sshd", &sshd_binary);
|
r = find_executable("sshd", &sshd_binary);
|
||||||
if (r == -ENOENT) {
|
if (r == -ENOENT) {
|
||||||
log_debug("Disabling SSH generator logic, since sshd is not installed.");
|
log_info("Disabling SSH generator logic, since sshd is not installed.");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
|
|
@ -724,7 +724,7 @@ static void print_status_info(
|
||||||
printf(" Tasks: %" PRIu64, i->tasks_current);
|
printf(" Tasks: %" PRIu64, i->tasks_current);
|
||||||
|
|
||||||
if (i->tasks_max != UINT64_MAX)
|
if (i->tasks_max != UINT64_MAX)
|
||||||
printf("%s (limit: %" PRIu64 ")%s\n", ansi_grey(), i->tasks_max, ansi_normal());
|
printf(" (limit: %" PRIu64 ")\n", i->tasks_max);
|
||||||
else
|
else
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
|
|
|
@ -99,15 +99,15 @@ int main(void) {
|
||||||
printf("Found %zu symbols from source files.\\n", j);
|
printf("Found %zu symbols from source files.\\n", j);
|
||||||
|
|
||||||
for (i = 0; symbols_from_sym[i].name; i++) {
|
for (i = 0; symbols_from_sym[i].name; i++) {
|
||||||
struct symbol *n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
|
struct symbol*n = bsearch(symbols_from_sym+i, symbols_from_source, sizeof(symbols_from_source)/sizeof(symbols_from_source[0])-1, sizeof(symbols_from_source[0]), sort_callback);
|
||||||
if (!n)
|
if (!n)
|
||||||
printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
|
printf("Found in symbol file, but not in sources: %s\\n", symbols_from_sym[i].name);
|
||||||
}
|
}
|
||||||
|
|
||||||
for (j = 0; symbols_from_source[j].name; j++) {
|
for (j = 0; symbols_from_source[j].name; j++) {
|
||||||
struct symbol *n = bsearch(symbols_from_source+j, symbols_from_sym, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
|
struct symbol*n = bsearch(symbols_from_source+j, symbols_from_source, sizeof(symbols_from_sym)/sizeof(symbols_from_sym[0])-1, sizeof(symbols_from_sym[0]), sort_callback);
|
||||||
if (!n)
|
if (!n)
|
||||||
printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[j].name);
|
printf("Found in sources, but not in symbol file: %s\\n", symbols_from_source[i].name);
|
||||||
}
|
}
|
||||||
|
|
||||||
return i == j ? EXIT_SUCCESS : EXIT_FAILURE;
|
return i == j ? EXIT_SUCCESS : EXIT_FAILURE;
|
||||||
|
|
|
@ -7,26 +7,24 @@ TEST(audit_loginuid_from_pid) {
|
||||||
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
_cleanup_(pidref_done) PidRef self = PIDREF_NULL, pid1 = PIDREF_NULL;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
ASSERT_OK(pidref_set_self(&self));
|
assert_se(pidref_set_self(&self) >= 0);
|
||||||
ASSERT_OK(pidref_set_pid(&pid1, 1));
|
assert_se(pidref_set_pid(&pid1, 1) >= 0);
|
||||||
|
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
r = audit_loginuid_from_pid(&self, &uid);
|
r = audit_loginuid_from_pid(&self, &uid);
|
||||||
if (r != -ENODATA)
|
assert_se(r >= 0 || r == -ENODATA);
|
||||||
ASSERT_OK(r);
|
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
log_info("self audit login uid: " UID_FMT, uid);
|
log_info("self audit login uid: " UID_FMT, uid);
|
||||||
|
|
||||||
ASSERT_ERROR(audit_loginuid_from_pid(&pid1, &uid), ENODATA);
|
assert_se(audit_loginuid_from_pid(&pid1, &uid) == -ENODATA);
|
||||||
|
|
||||||
uint32_t sessionid;
|
uint32_t sessionid;
|
||||||
r = audit_session_from_pid(&self, &sessionid);
|
r = audit_session_from_pid(&self, &sessionid);
|
||||||
if (r != -ENODATA)
|
assert_se(r >= 0 || r == -ENODATA);
|
||||||
ASSERT_OK(r);
|
|
||||||
if (r >= 0)
|
if (r >= 0)
|
||||||
log_info("self audit session id: %" PRIu32, sessionid);
|
log_info("self audit session id: %" PRIu32, sessionid);
|
||||||
|
|
||||||
ASSERT_ERROR(audit_session_from_pid(&pid1, &sessionid), ENODATA);
|
assert_se(audit_session_from_pid(&pid1, &sessionid) == -ENODATA);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int intro(void) {
|
static int intro(void) {
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
({ \
|
({ \
|
||||||
typeof(ret) _r = (ret); \
|
typeof(ret) _r = (ret); \
|
||||||
user_record_unref(*_r); \
|
user_record_unref(*_r); \
|
||||||
assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(SD_JSON_BUILD_PAIR_STRING("disposition", "regular"), __VA_ARGS__)) >= 0); \
|
assert_se(user_record_build((ret), SD_JSON_BUILD_OBJECT(__VA_ARGS__)) >= 0); \
|
||||||
0; \
|
0; \
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -363,7 +363,7 @@ def test_config_priority(tmp_path):
|
||||||
assert opts.pcr_public_keys == ['PKEY2', 'some/path8']
|
assert opts.pcr_public_keys == ['PKEY2', 'some/path8']
|
||||||
assert opts.pcr_banks == ['SHA1', 'SHA256']
|
assert opts.pcr_banks == ['SHA1', 'SHA256']
|
||||||
assert opts.signing_engine == 'ENGINE'
|
assert opts.signing_engine == 'ENGINE'
|
||||||
assert opts.signtool == 'sbsign' # from args
|
assert opts.signtool == ukify.SbSign # from args
|
||||||
assert opts.sb_key == 'SBKEY' # from args
|
assert opts.sb_key == 'SBKEY' # from args
|
||||||
assert opts.sb_cert == pathlib.Path('SBCERT') # from args
|
assert opts.sb_cert == pathlib.Path('SBCERT') # from args
|
||||||
assert opts.sb_certdir == 'some/path5' # from config
|
assert opts.sb_certdir == 'some/path5' # from config
|
||||||
|
|
|
@ -267,7 +267,7 @@ class UkifyConfig:
|
||||||
signing_engine: Optional[str]
|
signing_engine: Optional[str]
|
||||||
signing_provider: Optional[str]
|
signing_provider: Optional[str]
|
||||||
certificate_provider: Optional[str]
|
certificate_provider: Optional[str]
|
||||||
signtool: Optional[str]
|
signtool: Optional[type['SignTool']]
|
||||||
splash: Optional[Path]
|
splash: Optional[Path]
|
||||||
stub: Path
|
stub: Path
|
||||||
summary: bool
|
summary: bool
|
||||||
|
@ -466,17 +466,6 @@ class SignTool:
|
||||||
def verify(opts: UkifyConfig) -> bool:
|
def verify(opts: UkifyConfig) -> bool:
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def from_string(name) -> type['SignTool']:
|
|
||||||
if name == 'pesign':
|
|
||||||
return PeSign
|
|
||||||
elif name == 'sbsign':
|
|
||||||
return SbSign
|
|
||||||
elif name == 'systemd-sbsign':
|
|
||||||
return SystemdSbSign
|
|
||||||
else:
|
|
||||||
raise ValueError(f'Invalid sign tool: {name!r}')
|
|
||||||
|
|
||||||
|
|
||||||
class PeSign(SignTool):
|
class PeSign(SignTool):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -1152,16 +1141,15 @@ def make_uki(opts: UkifyConfig) -> None:
|
||||||
|
|
||||||
if opts.linux and sign_args_present:
|
if opts.linux and sign_args_present:
|
||||||
assert opts.signtool is not None
|
assert opts.signtool is not None
|
||||||
signtool = SignTool.from_string(opts.signtool)
|
|
||||||
|
|
||||||
if not sign_kernel:
|
if not sign_kernel:
|
||||||
# figure out if we should sign the kernel
|
# figure out if we should sign the kernel
|
||||||
sign_kernel = signtool.verify(opts)
|
sign_kernel = opts.signtool.verify(opts)
|
||||||
|
|
||||||
if sign_kernel:
|
if sign_kernel:
|
||||||
linux_signed = tempfile.NamedTemporaryFile(prefix='linux-signed')
|
linux_signed = tempfile.NamedTemporaryFile(prefix='linux-signed')
|
||||||
linux = Path(linux_signed.name)
|
linux = Path(linux_signed.name)
|
||||||
signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts)
|
opts.signtool.sign(os.fspath(opts.linux), os.fspath(linux), opts=opts)
|
||||||
|
|
||||||
if opts.uname is None and opts.linux is not None:
|
if opts.uname is None and opts.linux is not None:
|
||||||
print('Kernel version not specified, starting autodetection 😖.')
|
print('Kernel version not specified, starting autodetection 😖.')
|
||||||
|
@ -1322,9 +1310,7 @@ def make_uki(opts: UkifyConfig) -> None:
|
||||||
|
|
||||||
if sign_args_present:
|
if sign_args_present:
|
||||||
assert opts.signtool is not None
|
assert opts.signtool is not None
|
||||||
signtool = SignTool.from_string(opts.signtool)
|
opts.signtool.sign(os.fspath(unsigned_output), os.fspath(opts.output), opts)
|
||||||
|
|
||||||
signtool.sign(os.fspath(unsigned_output), os.fspath(opts.output), opts)
|
|
||||||
|
|
||||||
# We end up with no executable bits, let's reapply them
|
# We end up with no executable bits, let's reapply them
|
||||||
os.umask(umask := os.umask(0))
|
os.umask(umask := os.umask(0))
|
||||||
|
@ -1677,6 +1663,26 @@ class ConfigItem:
|
||||||
return (section_name, key, value)
|
return (section_name, key, value)
|
||||||
|
|
||||||
|
|
||||||
|
class SignToolAction(argparse.Action):
|
||||||
|
def __call__(
|
||||||
|
self,
|
||||||
|
parser: argparse.ArgumentParser,
|
||||||
|
namespace: argparse.Namespace,
|
||||||
|
values: Union[str, Sequence[Any], None] = None,
|
||||||
|
option_string: Optional[str] = None,
|
||||||
|
) -> None:
|
||||||
|
if values is None:
|
||||||
|
setattr(namespace, 'signtool', None)
|
||||||
|
elif values == 'sbsign':
|
||||||
|
setattr(namespace, 'signtool', SbSign)
|
||||||
|
elif values == 'pesign':
|
||||||
|
setattr(namespace, 'signtool', PeSign)
|
||||||
|
elif values == 'systemd-sbsign':
|
||||||
|
setattr(namespace, 'signtool', SystemdSbSign)
|
||||||
|
else:
|
||||||
|
raise ValueError(f"Unknown signtool '{values}' (this is unreachable)")
|
||||||
|
|
||||||
|
|
||||||
VERBS = ('build', 'genkey', 'inspect')
|
VERBS = ('build', 'genkey', 'inspect')
|
||||||
|
|
||||||
CONFIG_ITEMS = [
|
CONFIG_ITEMS = [
|
||||||
|
@ -1850,6 +1856,7 @@ CONFIG_ITEMS = [
|
||||||
ConfigItem(
|
ConfigItem(
|
||||||
'--signtool',
|
'--signtool',
|
||||||
choices=('sbsign', 'pesign', 'systemd-sbsign'),
|
choices=('sbsign', 'pesign', 'systemd-sbsign'),
|
||||||
|
action=SignToolAction,
|
||||||
dest='signtool',
|
dest='signtool',
|
||||||
help=(
|
help=(
|
||||||
'whether to use sbsign or pesign. It will also be inferred by the other '
|
'whether to use sbsign or pesign. It will also be inferred by the other '
|
||||||
|
@ -2166,24 +2173,24 @@ def finalize_options(opts: argparse.Namespace) -> None:
|
||||||
)
|
)
|
||||||
elif bool(opts.sb_key) and bool(opts.sb_cert):
|
elif bool(opts.sb_key) and bool(opts.sb_cert):
|
||||||
# both param given, infer sbsign and in case it was given, ensure signtool=sbsign
|
# both param given, infer sbsign and in case it was given, ensure signtool=sbsign
|
||||||
if opts.signtool and opts.signtool not in ('sbsign', 'systemd-sbsign'):
|
if opts.signtool and opts.signtool not in (SbSign, SystemdSbSign):
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate=' # noqa: E501
|
f'Cannot provide --signtool={opts.signtool} with --secureboot-private-key= and --secureboot-certificate=' # noqa: E501
|
||||||
)
|
)
|
||||||
if not opts.signtool:
|
if not opts.signtool:
|
||||||
opts.signtool = 'sbsign'
|
opts.signtool = SbSign
|
||||||
elif bool(opts.sb_cert_name):
|
elif bool(opts.sb_cert_name):
|
||||||
# sb_cert_name given, infer pesign and in case it was given, ensure signtool=pesign
|
# sb_cert_name given, infer pesign and in case it was given, ensure signtool=pesign
|
||||||
if opts.signtool and opts.signtool != 'pesign':
|
if opts.signtool and opts.signtool != PeSign:
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
f'Cannot provide --signtool={opts.signtool} with --secureboot-certificate-name='
|
f'Cannot provide --signtool={opts.signtool} with --secureboot-certificate-name='
|
||||||
)
|
)
|
||||||
opts.signtool = 'pesign'
|
opts.signtool = PeSign
|
||||||
|
|
||||||
if opts.signing_provider and opts.signtool != 'systemd-sbsign':
|
if opts.signing_provider and opts.signtool != SystemdSbSign:
|
||||||
raise ValueError('--signing-provider= can only be used with--signtool=systemd-sbsign')
|
raise ValueError('--signing-provider= can only be used with--signtool=systemd-sbsign')
|
||||||
|
|
||||||
if opts.certificate_provider and opts.signtool != 'systemd-sbsign':
|
if opts.certificate_provider and opts.signtool != SystemdSbSign:
|
||||||
raise ValueError('--certificate-provider= can only be used with--signtool=systemd-sbsign')
|
raise ValueError('--certificate-provider= can only be used with--signtool=systemd-sbsign')
|
||||||
|
|
||||||
if opts.sign_kernel and not opts.sb_key and not opts.sb_cert_name:
|
if opts.sign_kernel and not opts.sb_key and not opts.sb_cert_name:
|
||||||
|
|
|
@ -23,7 +23,6 @@
|
||||||
#include "user-util.h"
|
#include "user-util.h"
|
||||||
#include "userdb.h"
|
#include "userdb.h"
|
||||||
#include "verbs.h"
|
#include "verbs.h"
|
||||||
#include "virt.h"
|
|
||||||
|
|
||||||
static enum {
|
static enum {
|
||||||
OUTPUT_CLASSIC,
|
OUTPUT_CLASSIC,
|
||||||
|
@ -140,16 +139,10 @@ static int show_user(UserRecord *ur, Table *table) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool test_show_mapped(void) {
|
|
||||||
/* Show mapped user range only in environments where user mapping is a thing. */
|
|
||||||
return running_in_userns() > 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const struct {
|
static const struct {
|
||||||
uid_t first, last;
|
uid_t first, last;
|
||||||
const char *name;
|
const char *name;
|
||||||
UserDisposition disposition;
|
UserDisposition disposition;
|
||||||
bool (*test)(void);
|
|
||||||
} uid_range_table[] = {
|
} uid_range_table[] = {
|
||||||
{
|
{
|
||||||
.first = 1,
|
.first = 1,
|
||||||
|
@ -182,12 +175,11 @@ static const struct {
|
||||||
.last = MAP_UID_MAX,
|
.last = MAP_UID_MAX,
|
||||||
.name = "mapped",
|
.name = "mapped",
|
||||||
.disposition = USER_REGULAR,
|
.disposition = USER_REGULAR,
|
||||||
.test = test_show_mapped,
|
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r, n_added = 0;
|
int r;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
|
@ -200,9 +192,6 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (i->test && !i->test())
|
|
||||||
continue;
|
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " users ",
|
" begin ", i->name, " users ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -260,11 +249,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
n_added += 2;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return n_added;
|
return ELEMENTSOF(uid_range_table) * 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||||
|
@ -578,22 +565,16 @@ static int show_group(GroupRecord *gr, Table *table) {
|
||||||
}
|
}
|
||||||
|
|
||||||
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
int r, n_added = 0;
|
int r;
|
||||||
|
|
||||||
assert(table);
|
assert(table);
|
||||||
|
|
||||||
FOREACH_ELEMENT(i, uid_range_table) {
|
FOREACH_ELEMENT(i, uid_range_table) {
|
||||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||||
|
|
||||||
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (i->test && !i->test())
|
|
||||||
continue;
|
|
||||||
|
|
||||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||||
" begin ", i->name, " groups ",
|
" begin ", i->name, " groups ",
|
||||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||||
|
@ -645,11 +626,9 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return table_log_add_error(r);
|
return table_log_add_error(r);
|
||||||
|
|
||||||
n_added += 2;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return n_added;
|
return ELEMENTSOF(uid_range_table) * 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
||||||
|
|
|
@ -2182,10 +2182,6 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
|
||||||
|
|
||||||
(void) sd_event_add_signal(event, NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, NULL);
|
(void) sd_event_add_signal(event, NULL, (SIGRTMIN+18) | SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, NULL);
|
||||||
|
|
||||||
r = sd_event_add_memory_pressure(event, NULL, NULL, NULL);
|
|
||||||
if (r < 0)
|
|
||||||
log_debug_errno(r, "Failed allocate memory pressure event source, ignoring: %m");
|
|
||||||
|
|
||||||
/* Exit when the child exits */
|
/* Exit when the child exits */
|
||||||
(void) event_add_child_pidref(event, NULL, &child_pidref, WEXITED, on_child_exit, NULL);
|
(void) event_add_child_pidref(event, NULL, &child_pidref, WEXITED, on_child_exit, NULL);
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
[Match]
|
||||||
|
Name=router-low
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
IPv6AcceptRA=no
|
||||||
|
IPv6SendRA=yes
|
||||||
|
|
||||||
|
[IPv6SendRA]
|
||||||
|
# changed from low to high
|
||||||
|
RouterPreference=high
|
||||||
|
EmitDNS=no
|
||||||
|
EmitDomains=no
|
||||||
|
|
||||||
|
[IPv6Prefix]
|
||||||
|
Prefix=2002:da8:1:98::/64
|
||||||
|
PreferredLifetimeSec=1000s
|
||||||
|
ValidLifetimeSec=2100s
|
|
@ -0,0 +1,18 @@
|
||||||
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
|
[Match]
|
||||||
|
Name=router-high
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
IPv6AcceptRA=no
|
||||||
|
IPv6SendRA=yes
|
||||||
|
|
||||||
|
[IPv6SendRA]
|
||||||
|
# changed from high to low
|
||||||
|
RouterPreference=low
|
||||||
|
EmitDNS=no
|
||||||
|
EmitDomains=no
|
||||||
|
|
||||||
|
[IPv6Prefix]
|
||||||
|
Prefix=2002:da8:1:99::/64
|
||||||
|
PreferredLifetimeSec=1000s
|
||||||
|
ValidLifetimeSec=2100s
|
|
@ -6391,27 +6391,6 @@ class NetworkdRATests(unittest.TestCase, Utilities):
|
||||||
|
|
||||||
self.check_ipv6_sysctl_attr('client', 'hop_limit', '43')
|
self.check_ipv6_sysctl_attr('client', 'hop_limit', '43')
|
||||||
|
|
||||||
def check_router_preference(self, suffix, metric_1, preference_1, metric_2, preference_2):
|
|
||||||
self.wait_online('client:routable')
|
|
||||||
self.wait_address('client', f'2002:da8:1:99:1034:56ff:fe78:9a{suffix}/64', ipv='-6', timeout_sec=10)
|
|
||||||
self.wait_address('client', f'2002:da8:1:98:1034:56ff:fe78:9a{suffix}/64', ipv='-6', timeout_sec=10)
|
|
||||||
self.wait_route('client', rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric {metric_1}', ipv='-6', timeout_sec=10)
|
|
||||||
self.wait_route('client', rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric {metric_2}', ipv='-6', timeout_sec=10)
|
|
||||||
|
|
||||||
print('### ip -6 route show dev client default')
|
|
||||||
output = check_output('ip -6 route show dev client default')
|
|
||||||
print(output)
|
|
||||||
self.assertRegex(output, rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric {metric_1} expires [0-9]*sec pref {preference_1}')
|
|
||||||
self.assertRegex(output, rf'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric {metric_2} expires [0-9]*sec pref {preference_2}')
|
|
||||||
|
|
||||||
for i in [100, 200, 300, 512, 1024, 2048]:
|
|
||||||
if i not in [metric_1, metric_2]:
|
|
||||||
self.assertNotIn(f'metric {i} ', output)
|
|
||||||
|
|
||||||
for i in ['low', 'medium', 'high']:
|
|
||||||
if i not in [preference_1, preference_2]:
|
|
||||||
self.assertNotIn(f'pref {i}', output)
|
|
||||||
|
|
||||||
def test_router_preference(self):
|
def test_router_preference(self):
|
||||||
copy_network_unit('25-veth-client.netdev',
|
copy_network_unit('25-veth-client.netdev',
|
||||||
'25-veth-router-high.netdev',
|
'25-veth-router-high.netdev',
|
||||||
|
@ -6430,47 +6409,72 @@ class NetworkdRATests(unittest.TestCase, Utilities):
|
||||||
|
|
||||||
networkctl_reconfigure('client')
|
networkctl_reconfigure('client')
|
||||||
self.wait_online('client:routable')
|
self.wait_online('client:routable')
|
||||||
self.check_router_preference('00', 512, 'high', 2048, 'low')
|
|
||||||
|
|
||||||
# change the map from preference to metric.
|
self.wait_address('client', '2002:da8:1:99:1034:56ff:fe78:9a00/64', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_address('client', '2002:da8:1:98:1034:56ff:fe78:9a00/64', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 512', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 2048', ipv='-6', timeout_sec=10)
|
||||||
|
|
||||||
|
print('### ip -6 route show dev client default')
|
||||||
|
output = check_output('ip -6 route show dev client default')
|
||||||
|
print(output)
|
||||||
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 512 expires [0-9]*sec pref high')
|
||||||
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 2048 expires [0-9]*sec pref low')
|
||||||
|
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-client.network'), mode='a', encoding='utf-8') as f:
|
with open(os.path.join(network_unit_dir, '25-veth-client.network'), mode='a', encoding='utf-8') as f:
|
||||||
f.write('\n[Link]\nMACAddress=12:34:56:78:9a:01\n[IPv6AcceptRA]\nRouteMetric=100:200:300\n')
|
f.write('\n[Link]\nMACAddress=12:34:56:78:9a:01\n[IPv6AcceptRA]\nRouteMetric=100:200:300\n')
|
||||||
|
|
||||||
networkctl_reload()
|
networkctl_reload()
|
||||||
self.check_router_preference('01', 100, 'high', 300, 'low')
|
self.wait_online('client:routable')
|
||||||
|
|
||||||
|
self.wait_address('client', '2002:da8:1:99:1034:56ff:fe78:9a01/64', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_address('client', '2002:da8:1:98:1034:56ff:fe78:9a01/64', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300', ipv='-6', timeout_sec=10)
|
||||||
|
|
||||||
|
print('### ip -6 route show dev client default')
|
||||||
|
output = check_output('ip -6 route show dev client default')
|
||||||
|
print(output)
|
||||||
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100 expires [0-9]*sec pref high')
|
||||||
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300 expires [0-9]*sec pref low')
|
||||||
|
self.assertNotIn('metric 512', output)
|
||||||
|
self.assertNotIn('metric 2048', output)
|
||||||
|
|
||||||
# swap the preference (for issue #28439)
|
# swap the preference (for issue #28439)
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
|
remove_network_unit('25-veth-router-high.network', '25-veth-router-low.network')
|
||||||
f.write('\n[IPv6SendRA]\nRouterPreference=low\n')
|
copy_network_unit('25-veth-router-high2.network', '25-veth-router-low2.network')
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
|
|
||||||
f.write('\n[IPv6SendRA]\nRouterPreference=high\n')
|
|
||||||
networkctl_reload()
|
networkctl_reload()
|
||||||
self.check_router_preference('01', 300, 'low', 100, 'high')
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 300', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 100', ipv='-6', timeout_sec=10)
|
||||||
|
|
||||||
|
print('### ip -6 route show dev client default')
|
||||||
|
output = check_output('ip -6 route show dev client default')
|
||||||
|
print(output)
|
||||||
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 300 expires [0-9]*sec pref low')
|
||||||
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 100 expires [0-9]*sec pref high')
|
||||||
|
self.assertNotRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 100')
|
||||||
|
self.assertNotRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 300')
|
||||||
|
self.assertNotIn('metric 512', output)
|
||||||
|
self.assertNotIn('metric 2048', output)
|
||||||
|
|
||||||
# Use the same preference, and check if the two routes are not coalesced. See issue #33470.
|
# Use the same preference, and check if the two routes are not coalesced. See issue #33470.
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
|
with open(os.path.join(network_unit_dir, '25-veth-router-high2.network'), mode='a', encoding='utf-8') as f:
|
||||||
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
|
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
|
with open(os.path.join(network_unit_dir, '25-veth-router-low2.network'), mode='a', encoding='utf-8') as f:
|
||||||
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
|
f.write('\n[IPv6SendRA]\nRouterPreference=medium\n')
|
||||||
networkctl_reload()
|
networkctl_reload()
|
||||||
self.check_router_preference('01', 200, 'medium', 200, 'medium')
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 200', ipv='-6', timeout_sec=10)
|
||||||
|
self.wait_route('client', r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 200', ipv='-6', timeout_sec=10)
|
||||||
|
|
||||||
# Use route options to configure default routes.
|
print('### ip -6 route show dev client default')
|
||||||
# The preference specified in the RA header should be ignored. See issue #33468.
|
output = check_output('ip -6 route show dev client default')
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
|
print(output)
|
||||||
f.write('\n[IPv6SendRA]\nRouterPreference=high\n[IPv6RoutePrefix]\nRoute=::/0\nLifetimeSec=1200\n')
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a99 proto ra metric 200 expires [0-9]*sec pref medium')
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
|
self.assertRegex(output, r'default nhid [0-9]* via fe80::1034:56ff:fe78:9a98 proto ra metric 200 expires [0-9]*sec pref medium')
|
||||||
f.write('\n[IPv6SendRA]\nRouterPreference=low\n[IPv6RoutePrefix]\nRoute=::/0\nLifetimeSec=1200\n')
|
self.assertNotIn('pref high', output)
|
||||||
networkctl_reload()
|
self.assertNotIn('pref low', output)
|
||||||
self.check_router_preference('01', 200, 'medium', 200, 'medium')
|
self.assertNotIn('metric 512', output)
|
||||||
|
self.assertNotIn('metric 2048', output)
|
||||||
# Set zero lifetime to the route options.
|
|
||||||
# The preference specified in the RA header should be used.
|
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-high.network'), mode='a', encoding='utf-8') as f:
|
|
||||||
f.write('LifetimeSec=0\n')
|
|
||||||
with open(os.path.join(network_unit_dir, '25-veth-router-low.network'), mode='a', encoding='utf-8') as f:
|
|
||||||
f.write('LifetimeSec=0\n')
|
|
||||||
networkctl_reload()
|
|
||||||
self.check_router_preference('01', 100, 'high', 300, 'low')
|
|
||||||
|
|
||||||
def _test_ndisc_vs_static_route(self, manage_foreign_nexthops):
|
def _test_ndisc_vs_static_route(self, manage_foreign_nexthops):
|
||||||
if not manage_foreign_nexthops:
|
if not manage_foreign_nexthops:
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
||||||
|
|
||||||
set -eux
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
# shellcheck source=test/units/util.sh
|
|
||||||
. "$(dirname "$0")"/util.sh
|
|
||||||
|
|
||||||
(! systemd-run --wait -p DynamicUser=yes \
|
|
||||||
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
|
|
||||||
-p WorkingDirectory='~' true)
|
|
||||||
|
|
||||||
assert_eq "$(systemd-run --pipe --uid=root -p WorkingDirectory='~' pwd)" "/root"
|
|
||||||
assert_eq "$(systemd-run --pipe --uid=nobody -p WorkingDirectory='~' pwd)" "/"
|
|
||||||
assert_eq "$(systemd-run --pipe --uid=testuser -p WorkingDirectory='~' pwd)" "/home/testuser"
|
|
||||||
|
|
||||||
(! systemd-run --wait -p DynamicUser=yes -p User=testuser \
|
|
||||||
-p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env \
|
|
||||||
-p WorkingDirectory='~' true)
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
{% if LINK_SHELL_EXTRA_DROPIN %}
|
{% if LINK_SHELL_EXTRA_DROPIN %}
|
||||||
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
{% if LINK_SSH_PROXY_DROPIN %}
|
{% if LINK_SSH_PROXY_DROPIN %}
|
||||||
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
||||||
# from initrd into /run/, so that it will survive the initrd stage
|
# from initrd into /run/, so that it will survive the initrd stage
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
{% if LINK_SSHD_USERDB_DROPIN %}
|
{% if LINK_SSHD_USERDB_DROPIN %}
|
||||||
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
d /etc/credstore 0700 root root
|
d /etc/credstore 0700 root root
|
||||||
d /etc/credstore.encrypted 0700 root root
|
d /etc/credstore.encrypted 0700 root root
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
L /etc/os-release - - - - ../usr/lib/os-release
|
L /etc/os-release - - - - ../usr/lib/os-release
|
||||||
L+ /etc/mtab - - - - ../proc/self/mounts
|
L+ /etc/mtab - - - - ../proc/self/mounts
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
Q /home 0755 - - -
|
Q /home 0755 - - -
|
||||||
q /srv 0755 - - -
|
q /srv 0755 - - -
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# Set the NOCOW attribute for directories of journal files. This flag
|
# Set the NOCOW attribute for directories of journal files. This flag
|
||||||
# is inherited by their new files and sub-directories. Matters only
|
# is inherited by their new files and sub-directories. Matters only
|
||||||
|
|
|
@ -5,28 +5,26 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# The functionality provided by these files and directories has been replaced
|
# These files are considered legacy and are unnecessary on legacy-free
|
||||||
# by newer interfaces. Their use is discouraged on legacy-free systems. This
|
# systems.
|
||||||
# configuration is provided to maintain backward compatibility.
|
|
||||||
|
|
||||||
d /run/lock 0755 root root -
|
d /run/lock 0755 root root -
|
||||||
L /var/lock - - - - ../run/lock
|
L /var/lock - - - - ../run/lock
|
||||||
|
|
||||||
{% if HAVE_SYSV_COMPAT %}
|
|
||||||
{% if CREATE_LOG_DIRS %}
|
{% if CREATE_LOG_DIRS %}
|
||||||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||||
# hence without use on SysV-less systems.
|
# hence without use on SysV-less systems.
|
||||||
|
|
||||||
d /run/lock/subsys 0755 root root -
|
d /run/lock/subsys 0755 root root -
|
||||||
|
|
||||||
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
||||||
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
||||||
# 'quotacheck.mode=force'
|
# 'quotacheck.mode=force'
|
||||||
|
|
||||||
r! /forcefsck
|
r! /forcefsck
|
||||||
r! /fastboot
|
r! /fastboot
|
||||||
r! /forcequotacheck
|
r! /forcequotacheck
|
||||||
{% endif %}
|
|
||||||
|
|
|
@ -35,7 +35,7 @@ in_files = [
|
||||||
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
||||||
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
||||||
['etc.conf'],
|
['etc.conf'],
|
||||||
['legacy.conf'],
|
['legacy.conf', 'HAVE_SYSV_COMPAT'],
|
||||||
['static-nodes-permissions.conf'],
|
['static-nodes-permissions.conf'],
|
||||||
['systemd.conf'],
|
['systemd.conf'],
|
||||||
['var.conf'],
|
['var.conf'],
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
Q /var/lib/portables 0700
|
Q /var/lib/portables 0700
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# Provision additional login messages from credentials, if they are set. Note
|
# Provision additional login messages from credentials, if they are set. Note
|
||||||
# that these lines are NOPs if the credentials are not set or if the files
|
# that these lines are NOPs if the credentials are not set or if the files
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
||||||
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
Q /var/lib/machines 0700 - - -
|
Q /var/lib/machines 0700 - - -
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,6 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# Exclude namespace mountpoints created with PrivateTmp=yes
|
# Exclude namespace mountpoints created with PrivateTmp=yes
|
||||||
x /tmp/systemd-private-%b-*
|
x /tmp/systemd-private-%b-*
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
d /run/user 0755 root root -
|
d /run/user 0755 root root -
|
||||||
{% if ENABLE_UTMP %}
|
{% if ENABLE_UTMP %}
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# Clear tmp directories separately, to make them easier to override
|
# Clear tmp directories separately, to make them easier to override
|
||||||
q /tmp 1777 root root 10d
|
q /tmp 1777 root root 10d
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
q /var 0755 - - -
|
q /var 0755 - - -
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
# the Free Software Foundation; either version 2.1 of the License, or
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
# (at your option) any later version.
|
# (at your option) any later version.
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details.
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
# Make sure these are created by default so that nobody else can
|
# Make sure these are created by default so that nobody else can
|
||||||
# or empty them at startup
|
# or empty them at startup
|
||||||
|
|
|
@ -16,7 +16,6 @@ ConditionDirectoryNotEmpty=|/run/confexts
|
||||||
ConditionDirectoryNotEmpty=|/var/lib/confexts
|
ConditionDirectoryNotEmpty=|/var/lib/confexts
|
||||||
ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
|
ConditionDirectoryNotEmpty=|/usr/local/lib/confexts
|
||||||
ConditionDirectoryNotEmpty=|/usr/lib/confexts
|
ConditionDirectoryNotEmpty=|/usr/lib/confexts
|
||||||
ConditionDirectoryNotEmpty=|/.extra/confext
|
|
||||||
|
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
After=local-fs.target
|
After=local-fs.target
|
||||||
|
|
Loading…
Reference in New Issue