Merge b24401e77c into 9bf6ffe166

man: split cryptenroll man page into sections (#35297 )
cryptenroll: it's called PKCS#11, not PKCS11
2024-11-22 13:40:12 +01:00 · 2024-11-22 12:01:07 +00:00 · 2024-11-22 10:42:37 +01:00 · 2024-11-22 10:42:37 +01:00 · 2024-11-22 10:38:19 +01:00 · 2024-11-22 04:15:51 +01:00
33 changed files with 164 additions and 65 deletions
--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
 KEYBOARD_KEY_c01b6=images                              # My Pictures (F11)
 KEYBOARD_KEY_c01b7=audio                               # My Music (F12)
 # Logitech MX Keys for Mac
 evdev:input:b0003v046Dp4092*
 KEYBOARD_KEY_70035=102nd                               # '<' key
 KEYBOARD_KEY_70064=grave                               # '^' key
 ###########################################################
 # Maxdata
 ###########################################################
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@ -265,32 +265,11 @@
  </refsect1>
  <refsect1>
-    <title>Options</title>
+    <title>Unlocking</title>
-    <para>The following options are understood:</para>
+    <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
    <variablelist>
      <varlistentry>
        <term><option>--password</option></term>
        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
        <command>cryptsetup luksAddKey</command>, however may be combined with
        <option>--wipe-slot=</option> in one call, see below.</para>
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--recovery-key</option></term>
        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
        </para>
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
@ -328,7 +307,45 @@
        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>Simple Enrollment</title>
    <para>The following options are understood that may be used to enroll simple user input based
    unlocking:</para>
    <variablelist>
      <varlistentry>
        <term><option>--password</option></term>
        <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
        <command>cryptsetup luksAddKey</command>, however may be combined with
        <option>--wipe-slot=</option> in one call, see below.</para>
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>
      <varlistentry>
        <term><option>--recovery-key</option></term>
        <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
        computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
        key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
        </para>
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>PKCS#11 Enrollment</title>
    <para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
    <variablelist>
      <varlistentry>
        <term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
@ -361,7 +378,15 @@
        <xi:include href="version-info.xml" xpointer="v248"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>FIDO2 Enrollment</title>
    <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
    <variablelist>
      <varlistentry>
        <term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
        <listitem><para>Specify COSE algorithm used in credential generation. The default value is
@ -461,7 +486,15 @@
        <xi:include href="version-info.xml" xpointer="v249"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>TPM2 Enrollment</title>
    <para>The following options are understood that may be used to enroll TPM2 devices:</para>
    <variablelist>
      <varlistentry>
        <term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
@ -636,7 +669,15 @@
        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>
  <refsect1>
    <title>Other Options</title>
    <para>The following additional options are understood:</para>
    <variablelist>
      <varlistentry>
        <term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
--- a/po/uk.po
+++ b/po/uk.po
@ -9,8 +9,8 @@ msgid ""
 msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-11-06 14:42+0000\n"
-"PO-Revision-Date: 2024-11-20 19:13+0000\n"
+"PO-Revision-Date: 2024-11-21 19:38+0000\n"
-"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
+"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
 "systemd/main/uk/>\n"
 "Language: uk\n"
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
 #: src/home/org.freedesktop.home1.policy:53
 msgid "Update your home area"
-msgstr "Оновіть свій домашній простір"
+msgstr "Оновлення домашньої області"
 #: src/home/org.freedesktop.home1.policy:54
 msgid "Authentication is required to update your home area."
-msgstr "Для оновлення домашньої області потрібна автентифікація."
+msgstr "Для оновлення домашньої області слід пройти розпізнавання."
 #: src/home/org.freedesktop.home1.policy:63
 msgid "Resize a home area"
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
 msgid "Authentication is required to manage optional features"
-msgstr "Для керування додатковими функціями потрібна автентифікація"
+msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
 #: src/timedate/org.freedesktop.timedate1.policy:22
 msgid "Set system time"
--- a/shell-completion/bash/systemd-cryptenroll
+++ b/shell-completion/bash/systemd-cryptenroll
@ -38,19 +38,12 @@ __get_tpm2_devices() {
    done
 }
 __get_block_devices() {
    local i
    for i in /dev/*; do
        [ -b "$i" ] && printf '%s\n' "$i"
    done
 }
 _systemd_cryptenroll() {
    local comps
    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local -A OPTS=(
        [STANDALONE]='-h --help --version
-                     --password --recovery-key'
+                     --password --recovery-key --list-devices'
        [ARG]='--unlock-key-file
               --unlock-fido2-device
               --unlock-tpm2-device
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
        return 0
    fi
-    comps=$(__get_block_devices)
+    comps=$(systemd-cryptenroll --list-devices)
    COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
    return 0
 }
--- a/src/core/service.c
+++ b/src/core/service.c
@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
                        return 0;
                }
-                r = service_add_fd_store(s, fd, fdn, do_poll);
+                r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
                if (r < 0) {
                        log_unit_debug_errno(u, r,
                                             "Failed to store deserialized fd '%s', ignoring: %m", fdn);
                        return 0;
                }
                TAKE_FD(fd);
        } else if (streq(key, "extra-fd")) {
                _cleanup_free_ char *fdv = NULL, *fdn = NULL;
                _cleanup_close_ int fd = -EBADF;
--- a/src/cryptenroll/cryptenroll.c
+++ b/src/cryptenroll/cryptenroll.c
@ -193,7 +193,7 @@ static int help(void) {
               "\n%3$sSimple Enrollment:%4$s\n"
               "     --password        Enroll a user-supplied password\n"
               "     --recovery-key    Enroll a recovery key\n"
-               "\n%3$sPKCS11 Enrollment:%4$s\n"
+               "\n%3$sPKCS#11 Enrollment:%4$s\n"
               "     --pkcs11-token-uri=URI\n"
               "                       Specify PKCS#11 security token URI\n"
               "\n%3$sFIDO2 Enrollment:%4$s\n"
--- a/src/resolve/resolved-conf.c
+++ b/src/resolve/resolved-conf.c
@ -414,3 +414,46 @@ int manager_parse_config_file(Manager *m) {
        return 0;
 }
 int config_parse_refuse_record_types(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {
        Manager *m = ASSERT_PTR(userdata);
        int r;
        Set *refused_records = NULL;
        refused_records = set_free(refused_records);
        for (const char *p = rvalue;;) {
               _cleanup_free_ char *word = NULL;
               r = extract_first_word(&p, &word, ",", EXTRACT_UNQUOTE);
               if (r < 0)
                       return log_syntax_parse_error(unit, filename, line, r, lvalue, rvalue);
               if (r == 0)
                       break;
               r = dns_type_from_string(word);
               if (r < 0) {
                     log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid DNS record type, ignoring: %s", word);
                     continue;
               }
               r = set_ensure_put(&refused_records, NULL, INT_TO_PTR(r));
               if (r < 0)
                      return log_oom();
        }
        m->refuse_record_types = refused_records;
        return 1;
 }
--- a/src/resolve/resolved-conf.h
+++ b/src/resolve/resolved-conf.h
@ -24,3 +24,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dns_servers);
 CONFIG_PARSER_PROTOTYPE(config_parse_search_domains);
 CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_mode);
 CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_extra);
 CONFIG_PARSER_PROTOTYPE(config_parse_refuse_record_types);
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@ -480,6 +480,12 @@ int dns_query_new(
        assert(m);
        /* Check for records that is refused and refuse query for the records if matched in configuration */
        DNS_QUESTION_FOREACH(key, question_utf8)
                if (set_contains(m->refuse_record_types, INT_TO_PTR(key->type))) {
                        return log_debug_errno(SYNTHETIC_ERRNO(ENOANO), "Got request for %s record that is refused.", dns_type_to_string(key->type));
                }
        if (question_bypass) {
                /* It's either a "bypass" query, or a regular one, but can't be both. */
                if (question_utf8 || question_idna)
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@ -996,6 +996,12 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea
                                  (DNS_PACKET_CD(p) ? SD_RESOLVED_NO_VALIDATE | SD_RESOLVED_NO_CACHE : 0)|
                                  (DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)|
                                  SD_RESOLVED_CLAMP_TTL);
        /* Refuse query if there is -ENOSYS */
        if (r == -ENOANO) {
                return (void) dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
        }
        if (r < 0) {
                log_error_errno(r, "Failed to generate query object: %m");
                dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
--- a/src/resolve/resolved-gperf.gperf
+++ b/src/resolve/resolved-gperf.gperf
@ -33,3 +33,4 @@ Resolve.ResolveUnicastSingleLabel, config_parse_bool,                    0,
 Resolve.DNSStubListenerExtra,      config_parse_dns_stub_listener_extra, 0,                   offsetof(Manager, dns_extra_stub_listeners)
 Resolve.CacheFromLocalhost,        config_parse_bool,                    0,                   offsetof(Manager, cache_from_localhost)
 Resolve.StaleRetentionSec,         config_parse_sec,                     0,                   offsetof(Manager, stale_retention_usec)
 Resolve.RefuseRecordTypes,         config_parse_refuse_record_types,     0,                   offsetof(Manager, refuse_record_types)
--- a/src/resolve/resolved-manager.h
+++ b/src/resolve/resolved-manager.h
@ -137,6 +137,9 @@ struct Manager {
        struct stat etc_hosts_stat;
        bool read_etc_hosts;
        /* List of refused DNS Record Types*/
        Set *refuse_record_types;
        OrderedSet *dns_extra_stub_listeners;
        /* Local DNS stub on 127.0.0.53:53 */
--- a/src/resolve/resolved.conf.in
+++ b/src/resolve/resolved.conf.in
@ -35,3 +35,4 @@
 #ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
 #StaleRetentionSec=0
 #RefuseRecordTypes=
--- a/tmpfiles.d/20-systemd-shell-extra.conf.in
+++ b/tmpfiles.d/20-systemd-shell-extra.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 {% if LINK_SHELL_EXTRA_DROPIN %}
 L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
--- a/tmpfiles.d/20-systemd-ssh-generator.conf.in
+++ b/tmpfiles.d/20-systemd-ssh-generator.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 {% if LINK_SSH_PROXY_DROPIN %}
 L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
--- a/tmpfiles.d/20-systemd-stub.conf.in
+++ b/tmpfiles.d/20-systemd-stub.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 # Copy systemd-stub provided metadata such as PCR signature and public key file
 # from initrd into /run/, so that it will survive the initrd stage
--- a/tmpfiles.d/20-systemd-userdb.conf.in
+++ b/tmpfiles.d/20-systemd-userdb.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 {% if LINK_SSHD_USERDB_DROPIN %}
 L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
--- a/tmpfiles.d/credstore.conf
+++ b/tmpfiles.d/credstore.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 d /etc/credstore 0700 root root
 d /etc/credstore.encrypted 0700 root root
--- a/tmpfiles.d/etc.conf.in
+++ b/tmpfiles.d/etc.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 L /etc/os-release - - - - ../usr/lib/os-release
 L+ /etc/mtab - - - - ../proc/self/mounts
--- a/tmpfiles.d/home.conf
+++ b/tmpfiles.d/home.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 Q /home 0755 - - -
 q /srv 0755 - - -
--- a/tmpfiles.d/journal-nocow.conf
+++ b/tmpfiles.d/journal-nocow.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 # Set the NOCOW attribute for directories of journal files. This flag
 # is inherited by their new files and sub-directories. Matters only
--- a/tmpfiles.d/legacy.conf.in
+++ b/tmpfiles.d/legacy.conf.in
@ -5,10 +5,11 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
-# These files are considered legacy and are unnecessary on legacy-free
+# The functionality provided by these files and directories has been replaced
-# systems.
+# by newer interfaces. Their use is discouraged on legacy-free systems. This
 # configuration is provided to maintain backward compatibility.
 d /run/lock 0755 root root -
 L /var/lock - - - - ../run/lock
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
 L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
 {% endif %}
 {% if HAVE_SYSV_COMPAT %}
 # /run/lock/subsys is used for serializing SysV service execution, and
 # hence without use on SysV-less systems.
 d /run/lock/subsys 0755 root root -
 # /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
 # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
 # 'quotacheck.mode=force'
 r! /forcefsck
 r! /fastboot
 r! /forcequotacheck
 {% endif %}
--- a/tmpfiles.d/meson.build
+++ b/tmpfiles.d/meson.build
@ -35,7 +35,7 @@ in_files = [
        ['20-systemd-stub.conf',          'ENABLE_EFI'],
        ['20-systemd-userdb.conf',        'ENABLE_SSH_USERDB_CONFIG'],
        ['etc.conf'],
-        ['legacy.conf',                   'HAVE_SYSV_COMPAT'],
+        ['legacy.conf'],
        ['static-nodes-permissions.conf'],
        ['systemd.conf'],
        ['var.conf'],
--- a/tmpfiles.d/portables.conf
+++ b/tmpfiles.d/portables.conf
@ -1,4 +1,4 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 Q /var/lib/portables 0700
--- a/tmpfiles.d/provision.conf
+++ b/tmpfiles.d/provision.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 # Provision additional login messages from credentials, if they are set. Note
 # that these lines are NOPs if the credentials are not set or if the files
--- a/tmpfiles.d/systemd-network.conf
+++ b/tmpfiles.d/systemd-network.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 d$ /run/systemd/netif        0755 systemd-network systemd-network -
 d$ /run/systemd/netif/links  0755 systemd-network systemd-network -
--- a/tmpfiles.d/systemd-nspawn.conf
+++ b/tmpfiles.d/systemd-nspawn.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 Q /var/lib/machines 0700 - - -
--- a/tmpfiles.d/systemd-resolve.conf
+++ b/tmpfiles.d/systemd-resolve.conf
@ -5,6 +5,6 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
--- a/tmpfiles.d/systemd-tmp.conf
+++ b/tmpfiles.d/systemd-tmp.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 # Exclude namespace mountpoints created with PrivateTmp=yes
 x /tmp/systemd-private-%b-*
--- a/tmpfiles.d/systemd.conf.in
+++ b/tmpfiles.d/systemd.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 d /run/user 0755 root root -
 {% if ENABLE_UTMP %}
--- a/tmpfiles.d/tmp.conf
+++ b/tmpfiles.d/tmp.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 # Clear tmp directories separately, to make them easier to override
 q /tmp 1777 root root 10d
--- a/tmpfiles.d/var.conf.in
+++ b/tmpfiles.d/var.conf.in
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 q /var 0755 - - -
--- a/tmpfiles.d/x11.conf
+++ b/tmpfiles.d/x11.conf
@ -5,7 +5,7 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
-# See tmpfiles.d(5) for details
+# See tmpfiles.d(5) for details.
 # Make sure these are created by default so that nobody else can
 # or empty them at startup
Author	SHA1	Message	Date
Muhammad Nuzaihan Bin Kamal Luddin	d4807ec9da	Merge `b24401e77c` into `9bf6ffe166`	2024-11-22 13:40:12 +01:00
Luca Boccassi	9bf6ffe166	man: split cryptenroll man page into sections (#35297 )	2024-11-22 12:01:07 +00:00
Lennart Poettering	cc6baba720	cryptenroll: it's called PKCS#11, not PKCS11 In the --help text we really should use the official spelling, just like in the man page.	2024-11-22 10:42:37 +01:00
Lennart Poettering	3ae48d071c	man: add enrollment type sections to cryptenroll man page We have the same sections in the --help text, hence we even more so should have them in the man page.	2024-11-22 10:42:37 +01:00
Antonio Alvarez Feijoo	2ccacdd57c	bash-completion: add --list-devices to systemd-cryptenroll And also use it to list suitable block devices.	2024-11-22 10:38:19 +01:00
Yu Watanabe	d99198819c	core/service: service_add_fd_store() consumes passed fd Without this change, the fd is closed twice on failure. Fixes a bug introduced by `dff9808a62`. Fixes #35288.	2024-11-22 04:15:51 +01:00
Tobias Zimmermann	f70e5620b6	hwdb: Add quirk for Logitech MX Keys for Mac The KEY_102ND and KEY_GRAVE keys are switched on the Logitech MX Keys for Mac, so switch them back	2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek	3127c71bf4	Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278 )	2024-11-21 21:13:50 +01:00
Yuri Chornoivan	b153eebfb2	po: Translated using Weblate (Ukrainian) Currently translated at 100.0% (257 of 257 strings) Co-authored-by: Yuri Chornoivan <yurchor@ukr.net> Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/ Translation: systemd/main	2024-11-22 05:02:16 +09:00
Zbigniew Jędrzejewski-Szmek	2c06e40ae9	tmpfiles: add period at end of the sentence The license that is immediately above is properly punctuated and it looks sloppy when our line below isn't.	2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek	5ca9149464	tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf That file contains a bunch of entries of which only some are related to SysV. The rest are just "traditional APIs" that need to stay. In particular, /var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl). Similarly, the README about /var/log is something that should stay as long as we have people migrating from older systems or using the copiuos documentation that mentions /var/log/messages.txt on the Internet. /var/lock/subsys is only used by sysvinit, and our code to support /forcefsck, /fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so conditionalize those here on HAVE_SYSV_COMPAT too.	2024-11-21 18:32:46 +01:00
Muhammad Nuzaihan Bin Kamal Luddin	b24401e77c	set variable to be freed	2024-09-20 19:36:28 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	c8f16cc97c	fix all as recommended	2024-09-20 18:41:18 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	5507ec986f	log invalid dns type with error message	2024-09-18 01:55:35 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	fee8a01942	remove unneeded string variable and directly use the data	2024-09-17 18:15:35 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	2e9b9408d2	change log_info to log_debug	2024-09-17 16:25:02 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	f8599ea6fb	fix: finish up work as recommended	2024-09-17 16:23:48 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	18b5e47238	remove strv.h from include in resolved-dns-stub.c so it is cleaner	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	a7847d744e	generate missing header files	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	04031c10f8	fix meson and make ci/cd happy	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	84831eff33	Revert "make ci/cd pipelines happy" This reverts commit `69a6d3b193`.	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	a7a4b22282	make ci/cd pipelines happy	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	7f8faa1b9a	remove dns-type-c	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	bfed004837	do not cleanup and free Set *	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	1e79a8f8d6	Rework RecordRefuseType * Add new configuration parser which translates configuration values to int * Store ints in Set* * Check value if exists in set in DNS stub when user queries	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	18e8f0f1ce	remove stub	2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	4d041317df	rework to use RefuseRecordTypes=	2024-09-17 02:28:54 +08:00
Muhammad Nuzaihan Bin Kamal Luddin	9ea2a332c5	add an option to explicitly disable query IPv6 AAAA	2024-09-17 02:28:54 +08:00