Merge pull request #19215 from braewoods/main

hwdb: 60-keyboard:: Add quirks for 2 new HP laptops
tpm2-util: properly load tpm2 libraries befre unsealing
2025-10-06 20:24:45 +02:00 · 2021-04-06 18:52:11 +01:00 · 2021-04-06 18:43:24 +02:00 · 2021-04-06 18:42:30 +02:00 · 2021-04-06 17:00:29 +02:00 · 2021-04-06 16:15:13 +02:00
17 changed files with 53 additions and 24 deletions
--- a/hwdb.d/60-keyboard.hwdb
+++ b/hwdb.d/60-keyboard.hwdb
@ -684,6 +684,21 @@ evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHP*ProBook*645*G4*:*
 KEYBOARD_KEY_73=slash                                  # Slash key
 KEYBOARD_KEY_f8=wlan                                   # Wireless HW switch button

+# HP ProBook 455 G5
+evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHP*ProBook*455*G5*:*
+ KEYBOARD_KEY_85=unknown                                # lid close; also reported via special evdev
+ KEYBOARD_KEY_f8=wlan                                   # Wireless HW switch button
+
+# HP mt44 Mobile Thin Client
+evdev:atkbd:dmi:bvn*:bvr*:svnHP*:pnHP*mt44*Mobile*Thin*Client*:*
+ KEYBOARD_KEY_64=calendar                               # Calendar icon (Fn + F12)
+ KEYBOARD_KEY_6d=displaytoggle                          # Display icon
+ KEYBOARD_KEY_66=connect                                # Pickup phone button → connect → XF86Go
+ KEYBOARD_KEY_65=cancel                                 # Hangup phone button → cancel → Cancel
+ KEYBOARD_KEY_81=f20                                    # Fn+F8; Microphone mute button, should be micmute
+ KEYBOARD_KEY_85=unknown                                # lid close; also reported via special evdev
+ KEYBOARD_KEY_f8=wlan                                   # Wireless HW switch button
+
 # HP Stream 7
 # The ACPI tables contains a gpio-keys entry for a non connected GPIO
 # causing spurious events, map this to unknown to disable it
--- a/shell-completion/bash/machinectl
+++ b/shell-completion/bash/machinectl
@ -30,7 +30,7 @@ __get_machines() {
 }

 _machinectl() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local i verb comps

    local -A OPTS=(
--- a/shell-completion/bash/networkctl
+++ b/shell-completion/bash/networkctl
@ -30,7 +30,7 @@ __get_links() {

 _networkctl() {
    local i verb comps
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local -A OPTS=(
        [STANDALONE]='-a --all -h --help --version --no-pager --no-legend -s --stats -l --full'
        [ARG]='-n --lines'
--- a/shell-completion/bash/systemd-analyze
+++ b/shell-completion/bash/systemd-analyze
@ -46,7 +46,7 @@ __get_syscall_sets() {

 _systemd_analyze() {
    local i verb comps mode
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword

    local -A OPTS=(
        [STANDALONE]='-h --help --version --system --user --global --order --require --no-pager
--- a/shell-completion/bash/systemd-cat
+++ b/shell-completion/bash/systemd-cat
@ -25,7 +25,7 @@ __contains_word() {
 }

 _systemd_cat() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local i verb comps

    local -A OPTS=(
--- a/shell-completion/bash/systemd-cgls
+++ b/shell-completion/bash/systemd-cgls
@ -37,7 +37,7 @@ __get_units_have_cgroup() {
 }

 _systemd_cgls() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local i verb comps

    local -A OPTS=(
--- a/shell-completion/bash/systemd-cgtop
+++ b/shell-completion/bash/systemd-cgtop
@ -29,7 +29,7 @@ __get_machines() {
 }

 _systemd_cgtop() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local comps

    local -A OPTS=(
--- a/shell-completion/bash/systemd-delta
+++ b/shell-completion/bash/systemd-delta
@ -24,7 +24,7 @@ __contains_word() {
 }

 _systemd-delta() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local comps

    local -A OPTS=(
--- a/shell-completion/bash/systemd-detect-virt
+++ b/shell-completion/bash/systemd-detect-virt
@ -24,7 +24,7 @@ __contains_word() {
 }

 _systemd_detect_virt() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local i verb comps

    local -A OPTS=(
--- a/shell-completion/bash/systemd-id128
+++ b/shell-completion/bash/systemd-id128
@ -26,7 +26,7 @@ __contains_word () {

 _systemd_id128() {
    local i verb comps
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local -A OPTS=(
        [STANDALONE]='-h --help --version -p --pretty'
        [ARG]='-a --app-specific'
--- a/shell-completion/bash/systemd-nspawn
+++ b/shell-completion/bash/systemd-nspawn
@ -58,7 +58,7 @@ __get_rlimit() {
 }

 _systemd_nspawn() {
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local i verb comps

    local -A OPTS=(
--- a/shell-completion/bash/systemd-path
+++ b/shell-completion/bash/systemd-path
@ -30,7 +30,7 @@ __get_names() {

 _systemd_path() {
    local comps
-    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]}
+    local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
    local -A OPTS=(
        [STANDALONE]='-h --help --version'
        [ARG]='--suffix'
--- a/src/basic/recovery-key.c
+++ b/src/basic/recovery-key.c
@ -74,6 +74,7 @@ int normalize_recovery_key(const char *password, char **ret) {
 int make_recovery_key(char **ret) {
        _cleanup_(erase_and_freep) char *formatted = NULL;
        _cleanup_(erase_and_freep) uint8_t *key = NULL;
+        size_t j = 0;
        int r;

        assert(ret);
@ -91,7 +92,7 @@ int make_recovery_key(char **ret) {
        if (!formatted)
                return -ENOMEM;

-        for (size_t i = 0, j = 0; i < RECOVERY_KEY_MODHEX_RAW_LENGTH; i++) {
+        for (size_t i = 0; i < RECOVERY_KEY_MODHEX_RAW_LENGTH; i++) {
                formatted[j++] = modhex_alphabet[key[i] >> 4];
                formatted[j++] = modhex_alphabet[key[i] & 0xF];

@ -99,7 +100,9 @@ int make_recovery_key(char **ret) {
                        formatted[j++] = '-';
        }

-        formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] = 0;
+        assert(j == RECOVERY_KEY_MODHEX_FORMATTED_LENGTH);
+        assert(formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] == '-');
+        formatted[RECOVERY_KEY_MODHEX_FORMATTED_LENGTH-1] = 0; /* replace final dash with a NUL */

        *ret = TAKE_PTR(formatted);
        return 0;
--- a/src/resolve/resolved-dns-stub.c
+++ b/src/resolve/resolved-dns-stub.c
@ -433,6 +433,7 @@ static int dns_stub_finish_reply_packet(
                int rcode,
                bool tc,        /* set the Truncated bit? */
                bool aa,        /* set the Authoritative Answer bit? */
+                bool rd,        /* set the Recursion Desired bit? */
                bool add_opt,   /* add an OPT RR to this packet? */
                bool edns0_do,  /* set the EDNS0 DNSSEC OK bit? */
                bool ad,        /* set the DNSSEC authenticated data bit? */
@ -473,7 +474,7 @@ static int dns_stub_finish_reply_packet(
                                                              0  /* opcode */,
                                                              aa /* aa */,
                                                              tc /* tc */,
-                                                              1  /* rd */,
+                                                              rd /* rd */,
                                                              1  /* ra */,
                                                              ad /* ad */,
                                                              cd /* cd */,
@ -581,6 +582,7 @@ static int dns_stub_send_reply(
                        rcode,
                        truncated,
                        dns_query_fully_authoritative(q),
+                        DNS_PACKET_RD(q->request_packet),
                        !!q->request_packet->opt,
                        edns0_do,
                        DNS_PACKET_AD(q->request_packet) && dns_query_fully_authenticated(q),
@ -622,6 +624,7 @@ static int dns_stub_send_failure(
                        rcode,
                        truncated,
                        false,
+                        DNS_PACKET_RD(p),
                        !!p->opt,
                        DNS_PACKET_DO(p),
                        DNS_PACKET_AD(p) && authenticated,
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@ -686,6 +686,10 @@ int tpm2_unseal(

        assert(pcr_mask < (UINT32_C(1) << TPM2_PCRS_MAX)); /* Support 24 PCR banks */

+        r = dlopen_tpm2();
+        if (r < 0)
+                return log_error_errno(r, "TPM2 support is not installed.");
+
        /* So here's what we do here: We connect to the TPM2 chip. As we do when sealing we generate a
         * "primary" key on the TPM2 chip, with the same parameters as well as a PCR-bound policy
         * session. Given we pass the same parameters, this will result in the same "primary" key, and same
--- a/units/systemd-firstboot.service
+++ b/units/systemd-firstboot.service
@ -29,10 +29,12 @@ StandardError=tty
 # Optionally, pick up basic fields from credentials passed to the service
 # manager. This is useful for importing this data from nspawn's
 # --set-credential= switch.
-LoadCredential=passwd.hashed-password.root
-LoadCredential=passwd.plaintext-password.root
-LoadCredential=passwd.shell.root
-LoadCredential=firstboot.locale
-LoadCredential=firstboot.locale-messages
-LoadCredential=firstboot.keymap
-LoadCredential=firstboot.timezone
+# FIXME: temporarily disabled as it causes asserts on v247/v248, see:
+# https://github.com/systemd/systemd/issues/19178
+#LoadCredential=passwd.hashed-password.root
+#LoadCredential=passwd.plaintext-password.root
+#LoadCredential=passwd.shell.root
+#LoadCredential=firstboot.locale
+#LoadCredential=firstboot.locale-messages
+#LoadCredential=firstboot.keymap
+#LoadCredential=firstboot.timezone
--- a/units/systemd-sysusers.service
+++ b/units/systemd-sysusers.service
@ -25,6 +25,8 @@ TimeoutSec=90s
 # Optionally, pick up a root password and shell for the root user from a
 # credential passed to the service manager. This is useful for importing this
 # data from nspawn's --set-credential= switch.
-LoadCredential=passwd.hashed-password.root
-LoadCredential=passwd.plaintext-password.root
-LoadCredential=passwd.shell.root
+# FIXME: temporarily disabled as it causes asserts on v247/v248, see:
+# https://github.com/systemd/systemd/issues/19178
+#LoadCredential=passwd.hashed-password.root
+#LoadCredential=passwd.plaintext-password.root
+#LoadCredential=passwd.shell.root
Author	SHA1	Message	Date
Luca Boccassi	ee579e6454	Merge pull request #19215 from braewoods/main hwdb: 60-keyboard:: Add quirks for 2 new HP laptops	2021-04-06 18:52:11 +01:00
Lennart Poettering	1b30720c1b	tpm2-util: properly load tpm2 libraries befre unsealing We forgot a call to dlopen_tpm2() in the unseal codepaths. As long as automatic TPM2 device discovery was used that didn't matter, since in that codepaths we'd have another call dlopen_tpm2(). But with an explicitly configured TPM2 device things should work too, hence add the missing call. Fixes: #19206	2021-04-06 18:43:24 +02:00
Lennart Poettering	ff2cf6f8fe	recovery-key: add some extra asserts Let's ensure our key sizes calculations are correct. This doesn't actually change anything, just adds more safety checks. Inspired by #19203, but not a fix.	2021-04-06 18:42:30 +02:00
KoyamaSohei	da846b3031	resolve: copy rd flag from the query to response	2021-04-06 17:00:29 +02:00
Sibo Dong	f34173a048	bash-completion: localize words and cword variables The words and cword variables are not localized in all Bash completion scripts that call _init_completion. cur, prev, words, and cword (and split if using the -s flag) are all variables that should be localized in Bash completion scripts before calling _init_completion (even if they don't otherwise appear in the calling script). This is done for cur and prev, but not for words and cword. Letting words and cword remain unlocalized may clobber variables the user is using for other purposes, which is bad. This issue can be resolved by declaring words and cword as local variables. Resolves #19188.	2021-04-06 16:15:13 +02:00
Luca Boccassi	7c20dd4b6e	sysusers/firstboot: temporarily disable LoadCredential Single-param LoadCredential= in units causes systemd v247/v248 to assert when parsing. Disable it for now, until the fix is merged in the stable trees, released and available (eg: in Debian for the CI) See: https://github.com/systemd/systemd/issues/19178	2021-04-06 12:02:42 +02:00
James Buren	5f6e4dc4f4	hwdb: 60-keyboard:: Add HP ProBook 455 G5 hotkey quirks This enables all of the known hotkeys that were not working out of the box on my test unit.	2021-04-06 02:18:26 -05:00
James Buren	98fa828f60	hwdb: 60-keyboard:: Add HP mt44 Mobile Thin Client hotkey quirks This enables all of the known hotkeys that were not working out of the box on my test unit.	2021-04-06 01:32:37 -05:00