6 Commits

Author SHA1 Message Date
Ivan Kruglov 1dc7dd847b TEST-13-NSPAWN.machinectl.sh: resolve race condition
I encountered this race condition while working on TEST-13-NSPAWN.varlinkctl.sh.
The long-running machine's init script sometimes does not have time to start and
register signals. As a result, occasionally failed tests.
2024-09-18 14:14:50 +02:00
Ivan Kruglov 76ad48f9a5 varlinkctl: tests for io.systemd.Machine.List, io.systemd.Machine.Get, io.systemd.Machine.GetByPID, io.systemd.Machine.Kill 2024-09-18 14:14:50 +02:00
Ivan Kruglov 95adf8a563 varlinkctl: io.systemd.Machine.Kill 2024-09-18 14:10:38 +02:00
Ivan Kruglov 4fb0dabd92 varlinkctl: io.systemd.Machine.Unregister & io.systemd.Machine.Terminate 2024-09-17 14:00:25 +02:00
Ivan Kruglov c0e92dec76 varlinkctl: io.systemd.Machine.GetByPID 2024-09-17 14:00:22 +02:00
Ivan Kruglov c3065654c8 varlinkctl: io.systemd.Machine.Get 2024-09-17 14:00:03 +02:00
229 changed files with 2426 additions and 4736 deletions


@ -105,7 +105,7 @@ jobs:
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: systemd/mkosi@2c9954fa51a3a995bbdc02db6ef51f5bd27bc1ba
- uses: systemd/mkosi@31b4e756c1484c302435653da5d3b9bdfae38518
# Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
# immediately, we remove the files in the background. However, we first move them to a different location
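Review bot: The systemd/mkosi pin under steps: moves from 2c9954fa51a3a995bbdc02db6ef51f5bd27bc1ba to 31b4e756c1484c302435653da5d3b9bdfae38518, and nothing in the hunk says which mkosi revision that is or why this series needs it. Pinning the action by full commit SHA is the right form; add a trailing comment naming the upstream commit or tag so the bump can be audited, or drop the change if it only reflects the base the branch was cut from.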

NEWS

@ -2,15 +2,6 @@ systemd System and Service Manager
CHANGES WITH 257 in spe:
Incompatible changes:
* The --purge switch of systemd-tmpfiles (which was added in v256) has
been reworked: it will now only apply to tmpfiles.d/ lines marked
with the new "$" flag. This is an incompatible change, and means any
tmpfiles.d/ files which shall be used together with --purge need to
be updated accordingly. This change has been made to make it harder
to accidentally delete too many files when using --purge incorrectly.
Announcements of Future Feature Removals and Incompatible Changes:
* Support for automatic flushing of the nscd user/group database caches
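Review bot: The "Incompatible changes:" heading and its only entry, the systemd-tmpfiles --purge rework, disappear from the 257 section here. That entry is the notice that --purge now applies only to tmpfiles.d/ lines marked with the "$" flag, a change made "to make it harder to accidentally delete too many files". None of the six commits in this comparison touch tmpfiles, so keep the entry unless the rework itself is being reverted.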
@ -53,248 +44,18 @@ CHANGES WITH 257 in spe:
but it should make the inhibitor logic easier to use and understand,
and also help avoiding accidental reboots and shutdowns. New 'delay-weak'
and 'block-weak' inhibitor modes were added, if taken they will make
the inhibitor lock work as in the previous versions. Inhibitor locks
can also be taken by remote users (subject to polkit policy).
the inhibitor lock work as in the previous versions.
* systemd-nspawn will now mount the unified cgroup hierarchy into a
container if no systemd installation is found in a container's root
filesystem. `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0` can be used to override
this behavior.
libsystemd:
* New sd-json component is now available as part of libsystemd. The
goal of the library is to allow structures to be conveniently
created in C code and serialized to JSON, and for JSON to
conveniently deserialized into in-memory structures, using callbacks
to handle specific keys. Various data types like integers, floats,
booleans, strings, UUIDs, hex-encoded strings, and arrays are
supported natively.
Service and system management:
* Environment variable $REMOTE_ADDR is now set when using socket
activation for AF_UNIX sockets.
* Multipath TCP (MPTCP) is now supported as a socket protocol.
* New crypttab options fido2-pin=, fido2-up=, fido2-uv= can be used to
enable/disable the PIN query, User Presence check, and User
Verification.
* New crypttab option password-cache=yes|no|read-only can be used to
customize password caching.
* New fstab option x-systemd.wants= creates "Wants" dependencies.
(This is similar to the previously available x-systemd.requires=.)
* The initialization of the system clock during boot and updates has
been simplified: either pid1 or systemd-timesyncd will pick the
latest time as indicated by the compiled-in epoch,
/usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
systemd(1) for an detailed updated description.
* Ctrl-Alt-Delete is re-enabled during late shutdown, so that the user
can still initiate a reboot if the system freezes.
* Unit option PrivateUsers=identity can be used to request a user
namespace with an identity mapping for the first 65536 UIDs/GIDs.
This is analogous to the systemd-nspawn's --private-users=identity.
* Unit option PrivateTmp=disconnected can be used to specify that a
separate tmpfs instance should be used for /tmp/ and /var/tmp/ for
the unit.
* A new sleep.conf HibernateOnACPower= option has been added, which
when disabled would suppress hibernation in suspend-then-hibernate
mode until the system is disconnected from a power source.
* udev rules now set 'uaccess' for /dev/udmabuf, giving locally
logged-in users access to the hardware. This is necessary to support
IPMI cameras with libcamera.
* New RELEASE_TYPE= and EXPERIMENT= fields are documented for the
os-release file. For example, "RELEASE_TYPE=development|stable|lts"
can be used to indicate various stages of the release life cycle,
and "RELEASE_TYPE=experimental" can indicate experimental builds,
with the EXPERIMENT= field providing a human-readable description of
the nature of the experiment.
* The manager (and various other tools too) use pidfds in more places
to refer to processes.
* A bunch of patches to ease building against musl have been merged.
* A build option -D link-executor-shared=false can be used to build
the systemd-executor binary (added in the previous release) in a way
where it does not link to shared libsystemd-shared-….so library.
PID1 holds a reference to the executor binary that was on disk when
the manager was started or restarted, but the shared libraries it is
linked to are not loaded until the executor binary needs to be used.
This partial static linking is a workaround for the issue where,
during upgrades, the old libsystemd-shared-….so may have already
been removed and the pinned executor binary will just fail to
execute.
systemd-logind:
* New DesignatedMaintenanceTime= configuration option allows
shutdowns to be automatically scheduled at the specified time.
* logind now reacts to Ctrl-Alt-Shift-Esc being pressed. It will send
out a org.freedesktop.login1.SecureAttentionKey signal, indicating a
request by the user for the system to display a secure login dialog.
The handling of SAK can be suppressed in logind configuration.
systemd-machined:
* Unprivileged clients are now allowed to register VMs and containers.
Machines started via the systemd-vmspawn@.service unit will now be
registered with systemd-machined.
systemd-resolved:
* resolvconf command now supports '-p' switch. If specified, the
* 'resolvconf' command now supports '-p' switch. If specified, the
interface will not be used as the default route.
* resolvectl now allows interactive polkit authorization. It gained a
--no-ask-password option to suppress it.
systemd-networkd and networkctl:
* IPv6 address labels can be configured in a new [IPv6AddressLabel]
section with Prefix= and Label= settings.
* 'networkctl edit' can now read the new contents from standard input
with the new --stdin option.
* 'networkctl edit' and 'cat' now supports editing .netdev files by
link. 'networkctl cat' can also list all configuration files
associated with an interface at once with ':all'.
* networkctl gained a --no-ask-password option to suppress interactive
polkit authorization.
systemd-boot, systemd-stub, and related tools:
* The EFI stub now supports loading of .ucode sections with microcode
from addons.
* A new .profile PE section type is now documented and supported in
systemd-measure, ukify, systemd-stub and systemd-boot. Those new
sections allow multiple "profiles" to be stored together in the UKI,
with .profile sections creating groupings the UKI, allowing some
sections to be shared and other sections like .cmdline or .initrd
unique to the profile.
* ukify gained an --extend switch to import an existing UKI to
be extended, and a --measure-base= switch to support measurement
of multi-profile UKIs.
The journal:
* journalctl can now list invocations of a unit with the
--list-invocation options and show logs for a specific invocation
with the new --invocation/-I option. (This is analogous to the
--list-boots/--boot/-b options.)
systemd-sysupdate and related tools:
* systemd-sysupdate can be run as system service, allowing
unprivileged clients to update the system via D-Bus calls.
A new updatectl command-line tool can be used to control the
service.
* systemd-sysupdate gained a new --offline option to force it to
operate locally. This is useful when listing locally installed
versions.
* systemd-sysupdate gained a new --transfer-source= option to set the
directory to which transfer sources configured with
PathRelativeTo=explicit will be interpreted.
Miscellaneous:
* systemctl now supports the --now option with the 'reenable' verb.
* systemd-analyze will now show the SMBIOS #11 vendor strings set for
the machine with a new 'smbios11' verb.
* systemd-analyze gained a new --instance= option that can be used to
provide an instance name to analyze multiple templates instantiated
with the same instance name.
* The 'tpm2' verb which lists usable TPM2 devices has been moved from
systemd-creds to systemd-analyze.
* varlinkctl gained a new verb 'list-methods' to show a list of
methods implemented by a service.
* varlinkctl gained a --quiet/-q option to suppress method call
replies.
* varlinkctl gained a --graceful= option to suppress specified Varlink
errors.
* varlinkctl gained a --timeout= option to limit how long the
invocation can take.
* varlinkctl allows remote invocations over ssh, via the new
"ssh-exec:" address specification. It'll make an ssh connection,
start the specified executable on the remote, and communicate with
the remote process using the Varlink protocol.
"ssh:" address specification has been renamed to "ssh-unix:".
(The old syntax is still supported for backwards compatibility.)
* bootctl gained a --random-seed=yes|no option to control provisioning
of the random seed file in ESP. (This is useful when producing an
image that will be used multiple times.)
* systemd-cryptenroll gained new options -fido2-salt-file= and
--fido2-parameters-in-header= to simplify manual enrollment of FIDO2
tokens.
* systemd-cryptenroll, systemd-repart, and systemd-storagetm gained a
new --list-devices option to list appropriate candidate block
devices.
* systemd-repart's CopyBlocks= directive can now use a char device as
source (in addition to previously supported regular files and block
devices).
* systemd-repart gained a new Compression= and CompressionLevel=
settings to enable internal compression in filesystems created
offline.
* systemd-repart understands a new MakeSymlinks= option to create one
or more symlinks (each specified as a symlink name and target).
* systemd-mount can now output JSON with a new --json= switch.
* A new generator sytemd-import-generator has been added to
synthetisize image download jobs. This provides functionality
similar to importctl, but configured via the kernel command line and
system credentials.
* systemd-inhibit now allows interactive polkit authorization. It
gained a --no-ask-password option to suppress it.
* systemd-id128 gained a new 'var-partition-uuid' verb to calculate
the DPS UUID for /var/ keyed by the local machine-id.
* locatectl gained a -l/--full option to show output without
ellipsization.
* 'busctl monitor' gained new options --num-matches= and --timeout=
to set the number of matches or limit the runtime of the command.
This is intended to be used in scripts.
* systemd-run can output some data as JSON via the new --json= option.
* timedatectl now supports interactive polkit authorization.
— <place>, <date>
CHANGES WITH 256:
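Review bot: Nearly the whole 257 changelog goes away in this hunk (248 lines down to 18), including entries unrelated to the machined Varlink work such as the sd-json, crypttab fido2-*, and varlinkctl items. The only rewritten lines are the inhibitor paragraph and the quoting of 'resolvconf'. This reads like a comparison against a stale base rather than an intended edit. Rebase the branch so NEWS drops out of the diff, and if the series needs a NEWS line, add one for the new io.systemd.Machine methods.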

TODO

@ -130,10 +130,6 @@ Deprecations and removals:
Features:
* find a nice way to opt-in into auto-masking SIGCHLD on first
sd_event_add_child(), and then get rid of many more explicit sigprocmask()
calls.
* maybe set shell.prompt.prefix credential in run0 to some warning emoji,
i.e. ⚠️ or ☢️ or ⚡ or 👊 or 🧑‍🔧 or so.
@ -162,6 +158,10 @@ Features:
services where mount propagation from the root fs is off, an still have
confext/sysext propagated in.
* marry pcrlock + signed pcr policies for FDE/credentials by letting each
unlock "half" of the volume key, so that the combination of both must be
XOR'ed to get the actual volume key
* support F_DUDFD_QUERY for comparing fds in same_fd (requires kernel 6.10)
* generic interface for varlink for setting log level and stuff that all our daemons can implement
@ -189,8 +189,6 @@ Features:
* go through our codebase, and convert "vertical tables" (i.e. things such as
"systemctl status") to use table_new_vertical() for output
* pcrlock: add support for multi-profile UKIs
* logind: when logging in use new tmpfs quota support to configure quota on
/tmp/ + /dev/shm/. But do so only in case of tmpfs, because otherwise quota
is persistent and any persistent settings mean we don#t have to reapply them.
@ -487,9 +485,13 @@ Features:
nvme-oF
* pcrlock:
- make signed PCR work together with pcrlock
- add kernel-install plugin that automatically creates UKI .pcrlock file when
UKI is installed, and removes it when it is removed again
- automatically install PE measurement of sd-boot on "bootctl install"
- write generated pcrlock signature files to the ESP as credential, one for
each installed OS & pick up generated pcrlock signature file in sd-stub,
pass it via initrd to OS
- pre-calc sysext + kernel cmdline measurements
- pre-calc cryptsetup root key measurement
- maybe make systemd-repart generate .pcrlock for old and new GPT header in
@ -949,6 +951,9 @@ Features:
* systemd-tmpfiles: add concept for conditionalizing lines on factory reset
boot, or on first boot.
* in UKIs: add way to define allowlist of additional words that can be added to
the kernel cmdline even in SecureBoot mode
* we probably needs .pcrpkeyrd or so as additional PE section in UKIs,
which contains a separate public key for PCR values that only apply in the
initrd, i.e. in the boot phase "enter-initrd". Then, consumers in userspace
@ -1001,6 +1006,12 @@ Features:
* in the initrd, once the rootfs encryption key has been measured to PCR 15,
derive default machine ID to use from it, and pass it to host PID 1.
* tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead
of manually hooking into SIGINT/SIGTERM
* tree-wide: convert as much as possible over to SD_EVENT_SIGNAL_PROCMASK
instead of manual blocking.
* sd-boot: for each installed OS, grey out older entries (i.e. all but the
newest), to indicate they are obsolete
@ -1068,6 +1079,9 @@ Features:
* in sd-boot: load EFI drivers from a new PE section. That way, one can have a
"supercharged" sd-boot binary, that could carry ext4 drivers built-in.
* sd-bus: document that sd_bus_process() only returns messages that non of the
filters/handlers installed on the connection took possession of.
* sd-device: add an API for acquiring list of child devices, given a device
objects (i.e. all child dirents that dirs or symlinks to dirs)
@ -1247,6 +1261,9 @@ Features:
appropriate qemu cmdline. That way qemu payloads could talk sd_notify()
directly to host service manager.
* sd-device has an API to create an sd_device object from a device id, but has
no api to query the device id
* sd-device should return the devnum type (i.e. 'b' or 'c') via some API for an
sd_device object, so that data passed into sd_device_new_from_devnum() can
also be queried.
@ -1291,6 +1308,14 @@ Features:
multiple versions are around of the same resource, show which ones. (in other
words: show partition labels).
* maybe add a generator that reads /proc/cmdline, looks for
systemd.pull-raw-portable=, systemd-pull-raw-sysext= and similar switches
that take a URL as parameter. It then generates service units for
systemd-pull calls that download these URLs if not installed yet. Use case:
invoke a VM or nspawn container in a way it automatically deploys/runs these
images as OS payloads. i.e. have a generic OS image you can point to any
payload you like, which is then downloaded, securely verified and run.
* systemd-dissect: add --cat switch for dumping files such as /etc/os-release
* per-service sandboxing option: ProtectIds=. If used, will overmount
@ -1501,8 +1526,6 @@ Features:
* systemd-analyze netif that explains predictable interface (or networkctl)
* systemd-analyze inspect-elf should show other notes too, at least build-id.
* Figure out naming of verbs in systemd-analyze: we have (singular) capability,
exit-status, but (plural) filesystems, architectures.
@ -1687,8 +1710,7 @@ Features:
zero and is not open anymore, while the latter happens when a file is
unlinked from any dir.
* systemctl, machinectl, loginctl: port "status" commands over to
format-table.c's vertical output logic.
* port systemctl, busctl, … over to format-table.[ch]'s table formatters
* pid1: lock image configured with RootDirectory=/RootImage= using the usual nspawn semantics while the unit is up
@ -1714,6 +1736,9 @@ Features:
the entire system, with the exception of one specific service. See:
https://lists.freedesktop.org/archives/systemd-devel/2018-February/040369.html
* maybe rework get_user_creds() to query the user database if $SHELL is used
for root, but only then.
* calenderspec: add support for week numbers and day numbers within a
year. This would allow us to define "bi-weekly" triggers safely.
@ -1862,7 +1887,7 @@ Features:
* fstab-generator: default to tmpfs-as-root if only usr= is specified on the kernel cmdline
* docs: bring https://systemd.io/MY_SERVICE_CANT_GET_REALTIME up to date
* docs: bring https://systemd.io/MY_SERVICE_CANT_GET_REATLIME up to date
* add a job mode that will fail if a transaction would mean stopping
running units. Use this in timedated to manage the NTP service
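Review bot: The replacement "docs:" line spells the URL https://systemd.io/MY_SERVICE_CANT_GET_REATLIME (REATLIME for REALTIME), while the line it replaces has the correct spelling. Keep the original line so the TODO item points at a page that exists.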
@ -2160,9 +2185,16 @@ Features:
- follow PropertiesChanged state more closely, to deal with quick logouts and
relogins
- (optionally?) spawn seat-manager@$SEAT.service whenever a seat shows up that as CanGraphical set
- expose details of boot entries on the bus. In particular, it should be possible
to query the list of boot entry titles that bootctl / sd-boot would show.
Currently we only expose their identifiers.
* move multiseat vid/pid matches from logind udev rule to hwdb
* logind: rework pam_logind to also do a bus call in case of invocation from
user@.service, which returns the XDG_RUNTIME_DIR value, and make this
behaviour selectable via pam module option.
* delay activation of logind until somebody logs in, or when /dev/tty0 pulls it
in or lingering is on (so that containers don't bother with it until PAM is used). also exit-on-idle
@ -2276,7 +2308,9 @@ Features:
should probably honour that same limit (JOURNAL_FILES_MAX) when vacuuming to
ensure we never generate more files than we can actually view.
* bsod: maybe use graphical mode. Use DRM APIs directly, see
* maybe add a tool that displays most recent journal logs as QR code to scan
off screen and run it automatically on boot failures, emergency logs and
such. Use DRM APIs directly, see
https://github.com/dvdhrm/docs/blob/master/drm-howto/modeset.c for an example
for doing that.
@ -2330,7 +2364,7 @@ Features:
- GNOME's side for forget key on suspend (requires rework so that lock screen runs outside of uid)
- update LUKS password on login if we find there's a password that unlocks the JSON record but not the LUKS device.
- create on activate?
- properties: icon url?, administrator bool (which translates to 'wheel' membership)?, address?, telephone?, vcard?, samba stuff?, parental controls?
- properties: icon url?, preferred session type?, administrator bool (which translates to 'wheel' membership)?, address?, telephone?, vcard?, samba stuff?, parental controls?
- communicate clearly when usb stick is safe to remove. probably involves
beefing up logind to make pam session close hook synchronous and wait until
systemd --user is shut down.


@ -788,22 +788,9 @@ Defined-By: systemd
Support: %SUPPORT_URL%
Documentation: man:systemd-tpm2-setup.service(8)
An authorization failure occurred while attempting to enroll a Storage Root Key
(SRK) on the Trusted Platform Module (TPM). Most likely this means that a
PIN/Password (authValue) has been set on the Owner hierarchy of the TPM.
An authorization failure occurred while attempting to enroll a Storage Root Key (SRK) on the Trusted Platform
Module (TPM). Most likely this means that a PIN/Password (authValue) has been set on the Owner hierarchy of
the TPM.
Automatic SRK enrollment on TPMs in such scenarios is not supported. In order
to unset the PIN/password protection on the owner hierarchy issue a command
like the following: 'tpm2_changeauth -c o -p <OLDPW> ""'.
-- 9cf56b8baf9546cf9478783a8de42113
Subject: A foreign process changed a sysctl systemd-networkd manages
Defined-By: systemd
Support: %SUPPORT_URL%
The sysctl configuration setting @SYSCTL@, which is managed by
systemd-networkd, has been changed by another, unrelated process
("@OBJECT_COMM@", PID @OBJECT_PID@). This represents a conflict of ownership
and will likely result in problems later on.
Value changed to "@NEWVALUE@", which should be "@OURVALUE@".
Automatic SRK enrollment on TPMs in such scenarios is not supported. In order to unset the PIN/password
protection on the owner hierarchy issue a command like the following: 'tpm2_changeauth -c o -p <OLDPW> ""'.
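Review bot: Catalog entry 9cf56b8baf9546cf9478783a8de42113 ("A foreign process changed a sysctl systemd-networkd manages") is dropped in this hunk, alongside a re-wrap of the SRK text. If networkd still logs under that message ID, the journal loses its explanation for a sysctl ownership conflict, including the @OBJECT_COMM@ and @OBJECT_PID@ of the process that made the change. Keep the entry, and leave the SRK paragraphs wrapped as they were so the hunk carries no whitespace-only churn.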


@ -247,4 +247,4 @@ Note that scope units created by `machined`'s `CreateMachine()` call have this f
### Example
Please see the [systemd-run sources](https://github.com/systemd/systemd/blob/main/src/run/run.c) for a relatively simple example how to create scope or service units transiently and pass properties to them.
Please see the [systemd-run sources](http://cgit.freedesktop.org/systemd/systemd/plain/src/run/run.c) for a relatively simple example how to create scope or service units transiently and pass properties to them.
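Review bot: The replacement link under "### Example" points at http://cgit.freedesktop.org/systemd/systemd/plain/src/run/run.c, a plain-HTTP URL, in place of the HTTPS GitHub link. A pointer to source code that readers are told to copy from should be fetched over TLS; keep the https://github.com/systemd/systemd/blob/main/src/run/run.c form.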


@ -87,90 +87,3 @@ of the libraries they specify in order to be enabled.
| required | Core functionality needs the dependency, the binary will not work if it cannot be found |
| recommended | Important functionality needs the dependency, the binary will work but in most cases the dependency should be provided |
| suggested | Secondary functionality needs the dependency, the binary will work and the dependency is only needed for full-featured installations |
### Displaying `dlopen()` notes
The raw ELF section can be extracted using `objdump`:
```console
$ objdump -j .note.dlopen -s /usr/lib64/systemd/libsystemd-shared-257.so
/usr/lib64/systemd/libsystemd-shared-257.so: file format elf64-x86-64
Contents of section .note.dlopen:
0334 04000000 8e000000 0a0c7c40 46444f00 ..........|@FDO.
0344 5b7b2266 65617475 7265223a 22627066 [{"feature":"bpf
0354 222c2264 65736372 69707469 6f6e223a ","description":
0364 22537570 706f7274 20666972 6577616c "Support firewal
0374 6c696e67 20616e64 2073616e 64626f78 ling and sandbox
0384 696e6720 77697468 20425046 222c2270 ing with BPF","p
0394 72696f72 69747922 3a227375 67676573 riority":"sugges
03a4 74656422 2c22736f 6e616d65 223a5b22 ted","soname":["
03b4 6c696262 70662e73 6f2e3122 2c226c69 libbpf.so.1","li
03c4 62627066 2e736f2e 30225d7d 5d000000 bbpf.so.0"]}]...
03d4 04000000 9e000000 0a0c7c40 46444f00 ..........|@FDO.
...
```
It is more convenient to use a higher level tool:
```console
$ dlopen-notes /usr/lib64/systemd/libsystemd-shared-257.so
# /usr/lib64/systemd/libsystemd-shared-257.so
[
{
"feature": "archive",
"description": "Support for decompressing archive files",
"priority": "suggested",
"soname": [
"libarchive.so.13"
]
},
{
"feature": "bpf",
"description": "Support firewalling and sandboxing with BPF",
"priority": "suggested",
"soname": [
"libbpf.so.1",
"libbpf.so.0"
]
},
...
```
`dlopen-notes` can display the notes grouped in a few different ways.
One option is to filter the libraries by "feature". This answers the
question "what libraries are needed to provide specified features":
```console
$ dlopen-notes.py -f archive,bpf /usr/lib64/systemd/libsystemd-shared-257.so
# grouped by feature
{
"bpf": {
"description": "Support firewalling and sandboxing with BPF",
"sonames": {
"libbpf.so.1": "suggested",
"libbpf.so.0": "suggested"
}
},
"archive": {
"description": "Support for decompressing archive files",
"sonames": {
"libarchive.so.13": "suggested"
}
}
}
The format that is used when building `deb` packages:
```console
$ dlopen-notes -s /usr/lib64/systemd/libsystemd-shared-257.so
libarchive.so.13 suggested
libbpf.so.0 suggested
libbpf.so.1 suggested
...
```
The format that can be useful when building `rpm` packages:
```console
$ dlopen-notes --rpm-requires archive --rpm-recommends bpf /usr/lib64/systemd/libsystemd-shared-257.so
Requires: libarchive.so.13()(64bit)
Recommends: libbpf.so.1()(64bit)
```
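Review bot: The "Displaying `dlopen()` notes" section is removed in full, which leaves the priority table above it with no description of how to read the .note.dlopen section (objdump -j .note.dlopen, dlopen-notes -s for deb, --rpm-requires/--rpm-recommends for rpm). Packagers use that output to declare optional library dependencies, so keep the section. If it does stay, two defects in the text are worth fixing at the same time: the "-f archive,bpf" example calls dlopen-notes.py while the others call dlopen-notes, and its console block is missing the closing fence.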


@ -103,97 +103,3 @@ A set of well-known keys is defined here, and hopefully shared among all vendors
| architecture | The binary package architecture | arm32 |
| osCpe | A CPE name for the OS, typically corresponding to CPE_NAME in os-release | cpe:/o:fedoraproject:fedora:33 |
| debugInfoUrl | The debuginfod server url, if available | https://debuginfod.fedoraproject.org/ |
### Displaying package notes
The raw ELF section can be extracted using `objdump`:
```console
$ objdump -j .note.package -s /usr/bin/ls
/usr/bin/ls: file format elf64-x86-64
Contents of section .note.package:
03cc 04000000 7c000000 7e1afeca 46444f00 ....|...~...FDO.
03dc 7b227479 7065223a 2272706d 222c226e {"type":"rpm","n
03ec 616d6522 3a22636f 72657574 696c7322 ame":"coreutils"
03fc 2c227665 7273696f 6e223a22 392e342d ,"version":"9.4-
040c 372e6663 3430222c 22617263 68697465 7.fc40","archite
041c 63747572 65223a22 7838365f 3634222c cture":"x86_64",
042c 226f7343 7065223a 22637065 3a2f6f3a "osCpe":"cpe:/o:
043c 6665646f 72617072 6f6a6563 743a6665 fedoraproject:fe
044c 646f7261 3a343022 7d000000 dora:40"}...
```
It is more convenient to use a higher level tool:
```console
$ readelf --notes /usr/bin/ls
...
Displaying notes found in: .note.gnu.build-id
Owner Data size Description
GNU 0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
Build ID: 40e5a1570a9d97fc48f5c61cfb7690fec0f872b2
Displaying notes found in: .note.ABI-tag
Owner Data size Description
GNU 0x00000010 NT_GNU_ABI_TAG (ABI version tag)
OS: Linux, ABI: 3.2.0
Displaying notes found in: .note.package
Owner Data size Description
FDO 0x0000007c FDO_PACKAGING_METADATA
Packaging Metadata: {"type":"rpm","name":"coreutils","version":"9.4-7.fc40","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:40"}
...
$ systemd-analyze inspect-elf /usr/bin/ls
path: /usr/bin/ls
elfType: executable
elfArchitecture: AMD x86-64
type: rpm
name: coreutils
version: 9.4-7.fc40
architecture: x86_64
osCpe: cpe:/o:fedoraproject:fedora:40
buildId: 40e5a1570a9d97fc48f5c61cfb7690fec0f872b2
```
If the binary crashes, `systemd-coredump` will display the combined information
from the crashing binary and any shared libraries it links to:
```console
$ coredumpctl info
PID: 3987823 (ls)
Signal: 11 (SEGV)
Command Line: ls --color=tty -lR /
Executable: /usr/bin/ls
...
Storage: /var/lib/systemd/coredump/core.ls.1000.88dea1b9831c420dbb398f9d2ad9b41e.3987823.1726230641000000.zst (present)
Size on Disk: 194.4K
Package: coreutils/9.4-7.fc40
build-id: 40e5a1570a9d97fc48f5c61cfb7690fec0f872b2
Message: Process 3987823 (ls) of user 1000 dumped core.
Module /usr/bin/ls from rpm coreutils-9.4-7.fc40.x86_64
Module libz.so.1 from rpm zlib-ng-2.1.7-1.fc40.x86_64
Module libcrypto.so.3 from rpm openssl-3.2.2-3.fc40.x86_64
Module libmount.so.1 from rpm util-linux-2.40.1-1.fc40.x86_64
Module libcrypt.so.2 from rpm libxcrypt-4.4.36-5.fc40.x86_64
Module libblkid.so.1 from rpm util-linux-2.40.1-1.fc40.x86_64
Module libnss_sss.so.2 from rpm sssd-2.9.5-1.fc40.x86_64
Module libpcre2-8.so.0 from rpm pcre2-10.44-1.fc40.x86_64
Module libcap.so.2 from rpm libcap-2.69-8.fc40.x86_64
Module libselinux.so.1 from rpm libselinux-3.6-4.fc40.x86_64
Stack trace of thread 3987823:
#0 0x00007f19331c3f7e lgetxattr (libc.so.6 + 0x116f7e)
#1 0x00007f19332be4c0 lgetfilecon_raw (libselinux.so.1 + 0x134c0)
#2 0x00007f19332c3bd9 lgetfilecon (libselinux.so.1 + 0x18bd9)
#3 0x000056038273ad55 gobble_file.constprop.0 (/usr/bin/ls + 0x17d55)
#4 0x0000560382733c55 print_dir (/usr/bin/ls + 0x10c55)
#5 0x0000560382727c35 main (/usr/bin/ls + 0x4c35)
#6 0x00007f19330d7088 __libc_start_call_main (libc.so.6 + 0x2a088)
#7 0x00007f19330d714b __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a14b)
#8 0x0000560382728f15 _start (/usr/bin/ls + 0x5f15)
ELF object binary architecture: AMD x86-64
```
(This is just a simulation. `ls` is not prone to crashing with a segmentation violation.)
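Review bot: The "Displaying package notes" section is dropped, and with it the only worked examples of reading .note.package through readelf --notes, systemd-analyze inspect-elf, and the per-module "from rpm ..." lines in coredumpctl info. Those examples show how a crash is traced to an exact package version and build-id, and nothing in the six listed commits relates to this document. Keep the section.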


@ -104,7 +104,7 @@ A: Use:
**Q: Whenever my service tries to acquire RT scheduling for one of its threads this is refused with EPERM even though my service is running with full privileges. This works fine on my non-systemd system!**
A: By default, systemd places all systemd daemons in their own cgroup in the "cpu" hierarchy. Unfortunately, due to a kernel limitation, this has the effect of disallowing RT entirely for the service. See [My Service Can't Get Realtime!](/MY_SERVICE_CANT_GET_REALTIME) for a longer discussion and what to do about this.
A: By default, systemd places all systemd daemons in their own cgroup in the "cpu" hierarchy. Unfortunately, due to a kernel limitation, this has the effect of disallowing RT entirely for the service. See [My Service Can't Get Realtime!](/MY_SERVICE_CANT_GET_REATLIME) for a longer discussion and what to do about this.
**Q: My service is ordered after `network.target` but at boot it is still called before the network is up. What's going on?**
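Review bot: In the answer to the RT scheduling question the link target becomes /MY_SERVICE_CANT_GET_REATLIME, a misspelling of the /MY_SERVICE_CANT_GET_REALTIME target it replaces, so the link no longer resolves. Keep the original target.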


@ -340,14 +340,12 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnNotebook:pnW65_67SZ:*
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNS50_70MU:*
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNV4XMB,ME,MZ:*
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNS5x_NS7xPU:*
KEYBOARD_KEY_f7=f21 # Touchpad Toggle
KEYBOARD_KEY_f8=f21 # Touchpad Toggle
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnV5xTNC_TND_TNE:*
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnNV4xPZ:*
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnV54x_6x_TU:*
KEYBOARD_KEY_f7=f21 # Touchpad Toggle
KEYBOARD_KEY_f8=f21 # Touchpad Toggle
evdev:atkbd:dmi:bvn*:bvr*:svnNotebook:pnV5xTNC_TND_TNE:*
KEYBOARD_KEY_81=f20 # Fn+4; Mic Mute
###########################################################


@ -299,10 +299,6 @@ sensor:modalias:acpi:KIOX000A*:dmi:*:svnCHUWIInnovationAndTechnology*:pnHi10X:*
sensor:modalias:acpi:MXC6655*:dmi:*:svnCHUWIINNOVATIONLIMITED:pnHi10Go:*
ACCEL_MOUNT_MATRIX=-1, 0, 0; 0,-1, 0; 0, 0, 1
# Chuwi Hi10 Max
sensor:modalias:acpi:MXC6655*:dmi:*:svnCHUWIInnovationAndTechnology*:pnHi10Max:*
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
# Chuwi Hi12
sensor:modalias:acpi:BOSC0200*:dmi:*:svnHampoo:pnP02BD6_HI-122LP:*
sensor:modalias:acpi:BOSC0200*:dmi:*:svnDefaultstring:pnDefaultstring:*
@ -607,15 +603,6 @@ sensor:modalias:i2c:bmc150_accel:dmi:*:svnHewlett-Packard:pnHPPavilionx2Detachab
sensor:modalias:i2c:bmc150_accel:dmi:*:svnHewlett-Packard:pnHPProTablet408:*:rn8048:*
ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
#########################################
# HUAWEI
#########################################
# HUAWEI MateBook D 15 AMD
sensor:modalias:acpi:SMO8840*:dmi:*:svnHUAWEI:pnBOHK-WAX9X:*
ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1
ACCEL_LOCATION=base
#########################################
# I.T.Works
#########################################
@ -760,9 +747,8 @@ sensor:modalias:i2c:bmc150_accel:dmi:*:svnLENOVO:*:pvrLenovoYoga300-11IBR:*
sensor:modalias:acpi:ACCL0001*:dmi:*:svnLENOVO:pn60072:pvr851*:*
ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
# IdeaPad Duet 3 10IGL5 (82AT) and 10IGL5-LTE (82HK)
# IdeaPad Duet 3 10IGL5 (82AT)
sensor:modalias:acpi:SMO8B30*:dmi:*:svnLENOVO*:pn82AT:*
sensor:modalias:acpi:SMO8B30*:dmi:*:svnLENOVO*:pn82HK:*
ACCEL_MOUNT_MATRIX=0, 1, 0; -1, 0, 0; 0, 0, 1
#########################################
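Review bot: the IdeaPad Duet 3 entry loses its pn82HK match line and its comment is narrowed to "10IGL5 (82AT)", so the 10IGL5-LTE (82HK) no longer picks up this ACCEL_MOUNT_MATRIX. Unless that model turned out to need a different matrix, keep the line "sensor:modalias:acpi:SMO8B30*:dmi:*:svnLENOVO*:pn82HK:*" and the comment that names both models.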

View File

@ -310,10 +310,6 @@ mouse:bluetooth:v047dp8019:name:Expert Wireless TB Mouse:*
ID_INPUT_TRACKBALL=1
MOUSE_DPI=400@125
# Kensington SlimBlade Pro trackball (via Bluetooth)
mouse:bluetooth:v047dp80d4:name:SlimBlade Pro:*
ID_INPUT_TRACKBALL=1
##########################################
# Lenovo
##########################################

View File

@ -267,8 +267,7 @@
<term><option>kernel-identify</option> <replaceable>kernel</replaceable></term>
<listitem><para>Takes a kernel image as argument. Checks what kind of kernel the image is. Returns
one of <literal>uki</literal>, <literal>addon</literal>, <literal>pe</literal>, and
<literal>unknown</literal>.
one of <literal>uki</literal>, <literal>pe</literal>, and <literal>unknown</literal>.
</para>
<xi:include href="version-info.xml" xpointer="v253"/></listitem>
@ -361,24 +360,6 @@
<xi:include href="version-info.xml" xpointer="v242"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--print-loader-path</option></term>
<listitem><para>This option modifies the behaviour of <command>status</command>: it shows the
absolute path to the boot loader EFI binary used for the current boot if this information is
available. Note that no attempt is made to verify whether the binary still exists.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><option>--print-stub-path</option></term>
<listitem><para>This option modifies the behaviour of <command>status</command>: it shows the
absolute path to the UKI/stub EFI binary used for the current boot if this information is
available. Note that no attempt is made to verify whether the binary still exists.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><option>-R</option></term>
<term><option>--print-root-device</option></term>

View File

@ -46,10 +46,11 @@
the root file system, which is then responsible for probing all remaining hardware, mounting all
necessary file systems and spawning all configured services.</para>
<para>On shutdown, the system manager stops all services, unmounts all non-busy file systems (detaching
the storage technologies backing them), and then (optionally) jumps into the exitrd, which is backed by
tmpfs, and unmounts/detaches the remaining file systems, including the real root. As a last step,
the system is powered down.</para>
<para>On shutdown, the system manager stops all services, unmounts
all file systems (detaching the storage technologies backing
them), and then (optionally) jumps back into the initrd code which
unmounts/detaches the root file system and the storage it resides
on. As a last step, the system is powered down.</para>
<para>Additional information about the system boot process may be
found in

View File

@ -593,6 +593,8 @@ node /org/freedesktop/systemd1 {
<!--method GetJobBefore is not documented!-->
<!--method SetShowStatus is not documented!-->
<!--method ListUnitsFiltered is not documented!-->
<!--method ListUnitsByPatterns is not documented!-->
@ -671,6 +673,8 @@ node /org/freedesktop/systemd1 {
<!--property ConfirmSpawn is not documented!-->
<!--property ShowStatus is not documented!-->
<!--property DefaultStandardOutput is not documented!-->
<!--property DefaultStandardError is not documented!-->
@ -1358,24 +1362,6 @@ node /org/freedesktop/systemd1 {
<para><function>ResetFailedUnit()</function> resets the "failed" state of a specific unit.</para>
<para><function>SetShowStatus()</function> configures the display of status messages during bootup and
shutdown. The <varname>mode</varname> parameter can be set to any value that's valid for the
<varname>systemd.show_status</varname> kernel parameter. For more information about
<varname>systemd.show_status</varname>, see
<citerefentry project="man-pages"><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
The <varname>mode</varname> parameter can also be set to an empty string. When <varname>mode</varname>
is set to an empty string, <function>SetShowStatus()</function> will reset
<varname>ShowStatus</varname> back to its original value. You can use
<function>SetShowStatus()</function> create a service that does something like this:
<orderedlist>
<listitem><para>Send a D-Bus message that will turn off status messages.</para></listitem>
<listitem><para>Block until a reply to that message is received.</para></listitem>
<listitem><para>Print multiples lines without being interrupted by status messages.</para></listitem>
<listitem><para>Send a D-Bus message that will reset <varname>ShowStatus</varname> back to its
original value.</para></listitem>
</orderedlist>
</para>
<para><function>ResetFailed()</function> resets the "failed" state of all units.</para>
<para><function>ListUnits()</function> returns an array of all currently loaded units. Note that
@ -1802,12 +1788,6 @@ node /org/freedesktop/systemd1 {
<para><varname>Environment</varname> encodes the environment block passed to all executed services. It
may be altered with bus calls such as <function>SetEnvironment()</function> (see above).</para>
<para><varname>ShowStatus</varname> encodes systemd's current policy for displaying status messages
during bootup and shutdown. Its value can be any valid value for the
<varname>systemd.show_status</varname> kernel parameter (see
<citerefentry project="man-pages"><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
It may be altered using <function>SetShowStatus()</function> (see above).</para>
<para><varname>UnitPath</varname> encodes the currently active unit file search path. It is an array of
file system paths encoded as strings.</para>

View File

@ -76,7 +76,16 @@
<term><varname>Type=</varname></term>
<listitem><para>The GPT partition type UUID to match. This may be a GPT partition type UUID such as
<constant>4f68bce3-e8cd-4db1-96e7-fbcaf984b709</constant>, or an identifier.</para>
<constant>4f68bce3-e8cd-4db1-96e7-fbcaf984b709</constant>, or an identifier.
Architecture specific partition types can use one of these architecture identifiers:
<constant>alpha</constant>, <constant>arc</constant>, <constant>arm</constant> (32-bit),
<constant>arm64</constant> (64-bit, aka aarch64), <constant>ia64</constant>,
<constant>loongarch64</constant>, <constant>mips-le</constant>, <constant>mips64-le</constant>,
<constant>parisc</constant>, <constant>ppc</constant>, <constant>ppc64</constant>,
<constant>ppc64-le</constant>, <constant>riscv32</constant>, <constant>riscv64</constant>,
<constant>s390</constant>, <constant>s390x</constant>, <constant>tilegx</constant>,
<constant>x86</constant> (32-bit, aka i386) and <constant>x86-64</constant> (64-bit, aka amd64).
</para>
<para>The supported identifiers are:</para>
@ -228,14 +237,7 @@
</tgroup>
</table>
<para>Architecture specific partition types can use one of these architecture identifiers:
<constant>alpha</constant>, <constant>arc</constant>, <constant>arm</constant> (32-bit),
<constant>arm64</constant> (64-bit, aka aarch64), <constant>ia64</constant>,
<constant>loongarch64</constant>, <constant>mips-le</constant>, <constant>mips64-le</constant>,
<constant>parisc</constant>, <constant>ppc</constant>, <constant>ppc64</constant>,
<constant>ppc64-le</constant>, <constant>riscv32</constant>, <constant>riscv64</constant>,
<constant>s390</constant>, <constant>s390x</constant>, <constant>tilegx</constant>,
<constant>x86</constant> (32-bit, aka i386) and <constant>x86-64</constant> (64-bit, aka amd64).</para>
<para>This setting defaults to <constant>linux-generic</constant>.</para>
<para>Most of the partition type UUIDs listed above are defined in the <ulink
url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
@ -483,18 +485,18 @@
<term><varname>ExcludeFiles=</varname></term>
<term><varname>ExcludeFilesTarget=</varname></term>
<listitem><para>Takes one or more absolute paths, separated by whitespace, each referring to a
source file or directory on the host. This setting may be used to exclude files or directories from
the host from being copied into the file system when <varname>CopyFiles=</varname> is used. This
option may be used multiple times to exclude multiple files or directories from host from being
copied into the newly formatted file system.</para>
<listitem><para>Takes an absolute file system path referring to a source file or directory on the
host. This setting may be used to exclude files or directories from the host from being copied into
the file system when <varname>CopyFiles=</varname> is used. This option may be used multiple times to
exclude multiple files or directories from host from being copied into the newly formatted file
system.</para>
<para>If the path is a directory and ends with <literal>/</literal>, only the directory's
contents are excluded but not the directory itself. If the path is a directory and does not end with
<literal>/</literal>, both the directory and its contents are excluded.</para>
<para><varname>ExcludeFilesTarget=</varname> is like <varname>ExcludeFiles=</varname> except that
instead of excluding the path on the host from being copied into the partition, it exclude any files
instead of excluding the path on the host from being copied into the partition, we exclude any files
and directories from being copied into the given path in the partition.</para>
<para>When
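Review bot: the reworded ExcludeFilesTarget= sentence switches to "we exclude any files", while the rest of this entry describes the setting in the third person; "it excludes any files" fits the page's voice. The first paragraph also now says the setting takes a single absolute path where it previously said one or more whitespace-separated paths. Please confirm that matches what the parser accepts, since an exclusion list that is silently misread changes which host files end up in the image.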
@ -535,30 +537,6 @@
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>MakeSymlinks=</varname></term>
<listitem><para>Takes one or more arguments, separated by whitespace, each declaring a symlink to
create within the new file system. Each argument is a pair of symlink source and target paths,
separated by a colon. This option may be used more than once to create multiple symlinks. When
<varname>CopyFiles=</varname> and <varname>MakeSymlinks=</varname> are used together the former is
applied first.</para>
<para>The primary use case for this option is to create symlinks that need to exist before
<citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>
is executed. For example, when using
<citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
this setting can be used to create symlinks in <filename>/var/lib/extensions.mutable</filename> to
redirect writes to mutable confexts to a custom location.</para>
<para>Consider using
<citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>
with its <option>--image=</option> option to pre-create other symlinks (as well as other inodes) with
fine-grained control of ownership, access modes and other file attributes.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>Subvolumes=</varname></term>
@ -895,59 +873,6 @@
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
<varlistentry>
<term><varname>SupplementFor=</varname></term>
<listitem><para>Takes a partition definition name, such as <literal>10-esp</literal>. If specified,
<command>systemd-repart</command> will avoid creating this partition and instead prefer to partially
merge the two definitions. However, depending on the existing layout of partitions on disk,
<command>systemd-repart</command> may be forced to fall back onto un-merging the definitions and
using them as originally written, potentially creating this partition. Specifically,
<command>systemd-repart</command> will fall back if this partition is found to already exist on disk,
or if the target partition already exists on disk but is too small, or if it cannot allocate space
for the merged partition for some other reason.</para>
<para>The following fields are merged into the target definition in the specified ways:
<varname>Weight=</varname> and <varname>PaddingWeight=</varname> are simply overwritten;
<varname>SizeMinBytes=</varname> and <varname>PaddingMinBytes=</varname> use the larger of the two
values; <varname>SizeMaxBytes=</varname> and <varname>PaddingMaxBytes=</varname> use the smaller
value; and <varname>CopyFiles=</varname>, <varname>ExcludeFiles=</varname>,
<varname>ExcludeFilesTarget=</varname>, <varname>MakeDirectories=</varname>, and
<varname>Subvolumes=</varname> are concatenated.</para>
<para>Usage of this option in combination with <varname>CopyBlocks=</varname>,
<varname>Encrypt=</varname>, or <varname>Verity=</varname> is not supported. The target definition
cannot set these settings either. A definition cannot simultaneously be a supplement and act as a
target for some other supplement definition. A target cannot have more than one supplement partition
associated with it.</para>
<para>For example, distributions can use this to implement <varname>$BOOT</varname> as defined in
the <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification/">Boot Loader
Specification</ulink>. Distributions may prefer to use the ESP as <varname>$BOOT</varname> whenever
possible, but to adhere to the spec XBOOTLDR must sometimes be used instead. So, they should create
two definitions: the first defining an ESP big enough to hold just the bootloader, and a second for
the XBOOTLDR that's sufficiently large to hold kernels and configured as a supplement for the ESP.
Whenever possible, <command>systemd-repart</command> will try to merge the two definitions to create
one large ESP, but if that's not allowable due to the existing conditions on disk a small ESP and a
large XBOOTLDR will be created instead.</para>
<para>As another example, distributions can also use this to seamlessly share a single
<filename>/home</filename> partition in a multi-boot scenario, while preferring to keep
<filename>/home</filename> on the root partition by default. Having a <filename>/home</filename>
partition separated from the root partition entails some extra complexity: someone has to decide how
to split the space between the two partitions. On the other hand, it allows a user to share their
home area between multiple installed OSs (i.e. via <citerefentry><refentrytitle>systemd-homed.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>). Distributions should create two definitions:
the first for a root partition that takes up some relatively small percentage of the disk, and the
second as a supplement for the first to create a <filename>/home</filename> partition that takes up
all the remaining free space. On first boot, if <command>systemd-repart</command> finds an existing
<filename>/home</filename> partition on disk, it'll un-merge the definitions and create just a small
root partition. Otherwise, the definitions will be merged and a single large root partition will be
created.</para>
<xi:include href="version-info.xml" xpointer="v257"/></listitem>
</varlistentry>
</variablelist>
</refsect1>

View File

@ -52,24 +52,12 @@
<citerefentry><refentrytitle>sd_bus_get_fd</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
</para>
<para><function>sd_bus_process()</function> processes at most one incoming message per call. If the
parameter <parameter>ret</parameter> is not <constant>NULL</constant> and the call processed a message,
<parameter>*ret</parameter> is set to this message. The caller owns a reference to this message and
should call
<citerefentry><refentrytitle>sd_bus_message_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry>
when the message is no longer needed. If <parameter>ret</parameter> is not <constant>NULL</constant> and
progress was made, but no message was processed, <parameter>*ret</parameter> is set to
<constant>NULL</constant>. Note that only messages not already handled by the various types of registered
message handlers (i.e. by filters registered via
<citerefentry><refentrytitle>sd_bus_add_filter</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
object handlers registered via
<citerefentry><refentrytitle>sd_bus_add_object</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
matches registered via
<citerefentry><refentrytitle>sd_bus_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
and related) will be returned through this parameter. Also note that if such a message handler returns a
zero return value (as opposed to some value &gt; 0) an incoming message will not be considered handled,
and be passed to other suitable handlers (until one returns &gt; > 0), or returned by
<function>sd_bus_process()</function> (in case none returns &gt; 0).</para>
<para><function>sd_bus_process()</function> processes at most one incoming message per call. If the parameter
<parameter>ret</parameter> is not <constant>NULL</constant> and the call processed a message,
<parameter>*ret</parameter> is set to this message. The caller owns a reference to this message and should call
<citerefentry><refentrytitle>sd_bus_message_unref</refentrytitle><manvolnum>3</manvolnum></citerefentry> when the
message is no longer needed. If <parameter>ret</parameter> is not <constant>NULL</constant>, progress was made, but no message was
processed, <parameter>*ret</parameter> is set to <constant>NULL</constant>.</para>
<para>If the bus object is connected to an
<citerefentry><refentrytitle>sd-event</refentrytitle><manvolnum>3</manvolnum></citerefentry> event loop (with
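Review bot: the shortened sd_bus_process() paragraph drops the statement that *ret only receives messages not already handled by filters, object handlers and matches, and that a handler returning zero leaves the message unhandled so it is passed on. Callers that dispatch on *ret rely on that contract to know which messages they are responsible for, so keep those sentences rather than removing them along with the reflow.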

View File

@ -177,11 +177,6 @@
<arg choice="plain">image-policy</arg>
<arg choice="plain" rep="repeat"><replaceable>POLICY</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>systemd-analyze</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="plain">has-tpm2</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>systemd-analyze</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
@ -953,35 +948,6 @@ default ignore - -</programlisting>
</example>
</refsect2>
<refsect2>
<title><command>systemd-analyze has-tpm2</command></title>
<para>Reports whether the system is equipped with a usable TPM2 device. If a TPM2 device has been
discovered, is supported, and is being used by firmware, by the OS kernel drivers and by userspace
(i.e. systemd) this prints <literal>yes</literal> and exits with exit status zero. If no such device is
discovered/supported/used, prints <literal>no</literal>. Otherwise prints
<literal>partial</literal>. In either of these two cases exits with non-zero exit status. It also shows
five lines indicating separately whether firmware, drivers, the system, the kernel and libraries
discovered/support/use TPM2.</para>
<para>Note, this checks for TPM 2.0 devices only, and does not consider TPM 1.2 at all.</para>
<para>Combine with <option>--quiet</option> to suppress the output.</para>
<example>
<title>Example Output</title>
<programlisting>yes
+firmware
+driver
+system
+subsystem
+libraries</programlisting>
</example>
<xi:include href="version-info.xml" xpointer="v257"/>
</refsect2>
<refsect2>
<title><command>systemd-analyze pcrs <optional><replaceable>PCR</replaceable></optional></command></title>
@ -1687,12 +1653,6 @@ io.systemd.credential:vmm.notify_socket=vsock-stream:2:254570042
<constant>12</constant>, <constant>0</constant>, <constant>11</constant> is returned if the second
version string is respectively larger, equal, or smaller to the first. In the three-argument form,
<constant>0</constant> or <constant>1</constant> if the condition is respectively true or false.</para>
<para>In case of the <command>has-tpm2</command> command returns 0 if a TPM2 device is discovered,
supported and used by firmware, driver, and userspace (i.e. systemd). Otherwise returns the OR
combination of the value 1 (in case firmware support is missing), 2 (in case driver support is missing)
and 4 (in case userspace support is missing). If no TPM2 support is available at all, value 7 is hence
returned.</para>
</refsect1>
<xi:include href="common-variables.xml" />

View File

@ -63,10 +63,7 @@
<listitem><para>Specify a short string that is used to
identify the logging tool. If not specified, no identification
string is set for the journal entry, and the executable name
(or <literal>cat</literal> if the input is read from a pipe)
will be used to describe the log source instead.
</para></listitem>
string is written to the journal.</para></listitem>
</varlistentry>
<varlistentry>

View File

@ -177,6 +177,22 @@
<xi:include href="version-info.xml" xpointer="v250"/></listitem>
</varlistentry>
<varlistentry>
<term><command>has-tpm2</command></term>
<listitem><para>Reports whether the system is equipped with a TPM2 device usable for protecting
credentials. If a TPM2 device has been discovered, is supported, and is being used by firmware,
by the OS kernel drivers and by userspace (i.e. systemd) this prints <literal>yes</literal> and exits
with exit status zero. If no such device is discovered/supported/used, prints
<literal>no</literal>. Otherwise prints <literal>partial</literal>. In either of these two cases
exits with non-zero exit status. It also shows four lines indicating separately whether firmware,
drivers, the system and the kernel discovered/support/use TPM2.</para>
<para>Combine with <option>--quiet</option> to suppress the output.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
@ -429,7 +445,8 @@
<term><option>--quiet</option></term>
<term><option>-q</option></term>
<listitem><para>Suppress additional output.</para>
<listitem><para>When used with <command>has-tpm2</command> suppresses the output, and only returns an
exit status indicating support for TPM2.</para>
<xi:include href="version-info.xml" xpointer="v251"/></listitem>
</varlistentry>
@ -444,6 +461,12 @@
<title>Exit status</title>
<para>On success, 0 is returned.</para>
<para>In case of the <command>has-tpm2</command> command returns 0 if a TPM2 device is discovered,
supported and used by firmware, driver, and userspace (i.e. systemd). Otherwise returns the OR
combination of the value 1 (in case firmware support is missing), 2 (in case driver support is missing)
and 4 (in case userspace support is missing). If no TPM2 support is available at all, value 7 is hence
returned.</para>
</refsect1>
<refsect1>
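Review bot: the added exit-status paragraph sits directly under "On success, 0 is returned" but describes a command that exits non-zero after a successful query, and its opening "In case of the has-tpm2 command returns 0 if" does not parse. Reword it along the lines of "The has-tpm2 command returns 0 if ...", and state that the non-zero value is a bit mask (1 firmware, 2 driver, 4 userspace), so scripts that gate credential sealing on TPM2 availability test the individual bits instead of treating every non-zero status the same way.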

View File

@ -286,9 +286,9 @@
<title>Generate a private/public key pair, a unified kernel image, and a TPM PCR 11 signature for
it, and embed the signature and the public key in the image</title>
<programlisting>$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key.pem
<programlisting>$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private.pem
..+.+++++++++......+.........+......+.......+....+.....+.+...+..........
$ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
$ openssl rsa -pubout -in tpm2-pcr-private.pem -out tpm2-pcr-public.pem
# systemd-measure sign \
--linux=vmlinux \
--osrel=os-release.txt \
@ -296,25 +296,25 @@ $ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
--initrd=initrd.cpio \
--splash=splash.bmp \
--dtb=devicetree.dtb \
--pcrpkey=tpm2-pcr-public-key.pem \
--pcrpkey=tpm2-pcr-public.pem \
--bank=sha1 \
--bank=sha256 \
--private-key=tpm2-pcr-private-key.pem \
--public-key=tpm2-pcr-public-key.pem >tpm2-pcr-signature.json
--private-key=tpm2-pcr-private.pem \
--public-key=tpm2-pcr-public.pem >tpm2-pcr-signature.json
# ukify --output=vmlinuz.efi \
--os-release=@os-release.txt \
--cmdline=@cmdline.txt \
--splash=splash.bmp \
--devicetree=devicetree.dtb \
--pcr-private-key=tpm2-pcr-private-key.pem \
--pcr-public-key=tpm2-pcr-public-key.pem \
--pcr-private-key=tpm2-pcr-private.pem \
--pcr-public-key=tpm2-pcr-public.pem \
--pcr-banks=sha1,sha256 \
vmlinux initrd.cpio</programlisting>
<para>Later on, enroll the signed PCR policy on a LUKS volume:</para>
<programlisting># systemd-cryptenroll --tpm2-device=auto \
--tpm2-public-key=tpm2-pcr-public-key.pem \
--tpm2-public-key=tpm2-pcr-public.pem \
--tpm2-signature=tpm2-pcr-signature.json \
/dev/sda5</programlisting>
@ -339,38 +339,38 @@ $ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
two classes of secrets or credentials: one that can be unlocked during the entire runtime, and the
other that can only be used in the initrd.</para>
<programlisting>$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key.pem
<programlisting>$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private.pem
.+........+.+........+.......+...+...+........+....+......+..+..........
$ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key-initrd.pem
$ openssl rsa -pubout -in tpm2-pcr-private.pem -out tpm2-pcr-public.pem
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-initrd-private.pem
..+.......++........+........+......+........+....+.....+.+..+..........
$ openssl rsa -pubout -in tpm2-pcr-private-key-initrd.pem -out tpm2-pcr-public-key-initrd.pem
$ openssl rsa -pubout -in tpm2-pcr-initrd-private.pem -out tpm2-pcr-initrd-public.pem
# ukify --output vmlinux-1.2.3.efi \
--os-release=@os-release.txt \
--cmdline=@cmdline.txt \
--splash=splash.bmp \
--devicetree=devicetree.dtb \
--pcr-private-key=tpm2-pcr-private-key.pem \
--pcr-public-key=tpm2-pcr-public-key.pem \
--pcr-private-key=tpm2-pcr-private.pem \
--pcr-public-key=tpm2-pcr-public.pem \
--phases=enter-initrd,enter-initrd:leave-initrd,enter-initrd:leave-initrd:sysinit,enter-initrd:leave-initrd:sysinit:ready \
--pcr-banks=sha1,sha256 \
--pcr-private-key=tpm2-pcr-private-key-initrd.pem \
--pcr-public-key=tpm2-pcr-public-key-initrd.pem \
--pcr-private-key=tpm2-pcr-initrd-private.pem \
--pcr-public-key=tpm2-pcr-initrd-public.pem \
--phases=enter-initrd \
vmlinux-1.2.3 initrd.cpio \
--uname=1.2.3
+ /usr/lib/systemd/systemd-measure sign --linux=vmlinux-1.2.3 \
--osrel=os-release.txt --cmdline=cmdline.txt --dtb=devicetree.dtb \
--splash=splash.bmp --initrd=initrd.cpio --bank=sha1 --bank=sha256 \
--private-key=tpm2-pcr-private-key.pem --public-key=tpm2-pcr-public-key.pem \
--private-key=tpm2-pcr-private.pem --public-key=tpm2-pcr-public.pem \
--phase=enter-initrd --phase=enter-initrd:leave-initrd \
--phase=enter-initrd:leave-initrd:sysinit \
--phase=enter-initrd:leave-initrd:sysinit:ready
+ /usr/lib/systemd/systemd-measure sign --linux=vmlinux-1.2.3 \
--osrel=os-release.txt --cmdline=cmdline.txt --dtb=devicetree.dtb \
--splash=splash.bmp --initrd=initrd.cpio --bank=sha1 --bank=sha256 \
--private-key=tpm2-pcr-private-key-initrd.pem \
--public-key=tpm2-pcr-public-key-initrd.pem \
--private-key=tpm2-pcr-initrd-private.pem \
--public-key=tpm2-pcr-initrd-public.pem \
--phase=enter-initrd
Wrote unsigned vmlinux-1.2.3.efi
</programlisting>
@ -385,8 +385,8 @@ Wrote unsigned vmlinux-1.2.3.efi
by the first <option>--pcr-private-key=</option> option, covering all boot phases. The
<literal>.pcrpkey</literal> section is used in the default policies of
<command>systemd-cryptenroll</command> and <command>systemd-creds</command>. To use the stricter policy
bound to <filename>tpm2-pcr-public-key-initrd.pem</filename>, specify
<option>--tpm2-public-key=</option> on the command line of those tools.</para>
bound to <filename>tpm-pcr-initrd-public.pem</filename>, specify <option>--tpm2-public-key=</option> on
the command line of those tools.</para>
</example>
</refsect1>
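Review bot: the rewritten sentence after the example refers to "tpm-pcr-initrd-public.pem", but the example above it generates and passes "tpm2-pcr-initrd-public.pem"; the "2" is missing. A reader who copies the name into --tpm2-public-key= will point the tool at a file that does not exist, so make the filename match the one used in the programlisting.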

View File

@ -29,7 +29,7 @@
<refsect1>
<title>Description</title>
<para><command>systemd-nsresourced</command> is a system service that permits transient delegation of a
<para><command>systemd-nsresourced</command> is a system service that permits transient delegation of a a
UID/GID range to a user namespace (see <citerefentry
project='man-pages'><refentrytitle>user_namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>)
allocated by a client, via a Varlink IPC API.</para>
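Review bot: the replacement first line of the description ends in "transient delegation of a a", doubling the article ahead of "UID/GID range" on the next line. Drop the trailing "a" so the sentence reads "delegation of a UID/GID range", as the line it replaces did.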

View File

@ -115,7 +115,7 @@
result can be pre-calculated without too much effort. The <literal>.pcrsig</literal> section is not
included in this PCR measurement, since it is supposed to contain signatures for the output of the
measurement operation, and thus cannot also be input to it. If an UKI contains multiple profiles, only
the PE sections of the selected profile (and those of the base profile, except if overridden) are
the PE sections of the selected profile (and those of the base profile, except if overriden) are
measured.</para>
<para>If non-zero, the selected numeric profile is measured into PCR 12.</para>
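Review bot: the replacement line in the multi-profile sentence spells "overriden", where the line it replaces had the correct "overridden". Keep the original spelling; nothing else on that line changes.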
@ -641,7 +641,7 @@
</varlistentry>
<varlistentry>
<term><filename>/.extra/tpm2-pcr-public-key.pem</filename></term>
<term><filename>/.extra/tpm2-pcr-pkey.pem</filename></term>
<listitem><para>The PEM public key included in the <literal>.pcrpkey</literal> PE section of the
unified kernel image is copied into the <filename>/.extra/tpm2-pcr-public-key.pem</filename> file in
the initrd execution environment.</para>
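Review bot: the term is changed to "/.extra/tpm2-pcr-pkey.pem", but the paragraph under it still says the key is copied into "/.extra/tpm2-pcr-public-key.pem", so the entry now names two different paths for the same file. Anything in the initrd that reads this key to build a PCR policy needs the exact path; update the term and the paragraph together so both show the path that is actually created.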

View File

@ -152,11 +152,10 @@
<varlistentry>
<term><option>--purge</option></term>
<listitem><para>If this option is passed, all files and directories declared for
<emphasis>creation</emphasis> and marked with the <literal>$</literal> character by the
<filename>tmpfiles.d/</filename> files specified on the command line will be
<emphasis>deleted</emphasis>. Specifically, this acts on all files and directories marked with
<varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
<listitem><para>If this option is passed, all files and directories marked for
<emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
<varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
<varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
<varname>w</varname>, <varname>e</varname>. If this switch is used at least one
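Review bot: the reworded --purge paragraph no longer restricts deletion to lines marked with the "$" character, so as documented here the switch deletes every file and directory that the given tmpfiles.d/ files mark for creation (f, F, d, D, v, q, Q, p, L, c, b, C, w, e). That is a much wider blast radius for a single switch. If the opt-in marker is really meant to go away, say explicitly in this paragraph that all creation lines are affected; otherwise keep the "marked with the $ character" wording.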

View File

@ -3001,12 +3001,7 @@ SystemCallErrorNumber=EPERM</programlisting>
<para><option>tty</option> connects standard output to a tty (as configured via <varname>TTYPath=</varname>,
see below). If the TTY is used for output only, the executed process will not become the controlling process of
the terminal, and will not fail or wait for other processes to release the terminal. Note: if a unit
tries to print multiple lines to a TTY during bootup or shutdown, then there's a chance that those
lines will be broken up by status messages. <function>SetShowStatus()</function> can be used to
prevent this problem. See
<citerefentry project="man-pages"><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details.</para>
the terminal, and will not fail or wait for other processes to release the terminal.</para>
<para><option>journal</option> connects standard output with the journal, which is accessible via
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. Note

View File

@ -568,11 +568,7 @@
<listitem><para>Enables display of status messages on the
console, as controlled via
<varname>systemd.show_status=1</varname> on the kernel command
line.</para>
<para>You may want to use <function>SetShowStatus()</function> instead of
<constant>SIGRTMIN+20</constant> in order to prevent race conditions. See
<citerefentry project="man-pages"><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para></listitem>
line.</para></listitem>
</varlistentry>
<varlistentry>
@ -583,11 +579,7 @@
controlled via
<varname>systemd.show_status=0</varname>
on the kernel command
line.</para>
<para>You may want to use <function>SetShowStatus()</function> instead of
<constant>SIGRTMIN+21</constant> in order to prevent race conditions. See
<citerefentry project="man-pages"><refentrytitle>org.freedesktop.systemd1</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para></listitem>
line.</para></listitem>
</varlistentry>
<varlistentry>

View File

@ -539,10 +539,6 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
service, the line is silently skipped. If <literal>^</literal> and <literal>~</literal> are combined
Base64 decoding is applied to the credential contents.</para>
<para>If the dollar sign (<literal>$</literal>) is used, the file becomes subject to removal when
<command>systemd-tmpfiles</command> is invoked with the <option>--purge</option> switch. Lines without
this character are unaffected by that switch.</para>
<para>Note that for all line types that result in creation of any kind of file node
(i.e. <varname>f</varname>,
<varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>,
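Review bot: Dropping the paragraph on the dollar sign (`$`) modifier removes the only documented per-line opt-in for `--purge`, including the sentence "Lines without this character are unaffected by that switch", so the destructive switch again covers every creating line type in the files given on the command line. If that wider deletion scope is intended, make sure no shipped `tmpfiles.d/` file still carries a `$` that would now be undocumented. Also name the behaviour change explicitly in the commit message, since nothing else in this hunk signals it.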

View File

@ -141,12 +141,6 @@
For example, e"string\n" is parsed as 7 characters: 6 lowercase letters and a newline.
This can be useful for writing special characters when a kernel driver requires them.</para>
<para>The string can be prefixed with a lowercase i (i"string") to mark that the string or pattern
will match case-insensitively. For example, i"foo" will match
<literal>foo</literal>, <literal>FOO</literal>, <literal>FoO</literal> and so on. The prefix can be
used only for match (<literal>==</literal>) or unmatch (<literal>!=</literal>) rules, e.g.
<varname>ATTR{foo}==i"abcd"</varname>.</para>
<para>Please note that <constant>NUL</constant> is not allowed in either string variant.</para>
</refsect2>

View File

@ -58,18 +58,23 @@ OPTIONS=(
)
EOF
# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
rm /usr/share/makepkg/lint_pkgbuild/*
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
sed --in-place "pkg/$PKG_SUBDIR/PKGBUILD" \
--expression "s/^_tag=.*/_tag=$(cat meson.version)/" \
--expression "s/^pkgrel=.*/pkgrel=$(date "+%Y%m%d%H%M%S" --date "@$TS")/"
# Replace cdrom/dialout/tape groups with optical/uucp/storage. We apply this patch manually because we run
# with --noprepare.
patch -Np1 -i pkg/arch/0001-Use-Arch-Linux-device-access-groups.patch
# We get around makepkg's root check by setting EUID to something else.
# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
# shellcheck disable=SC2046
env --chdir="pkg/$PKG_SUBDIR" \
EUID=123 \
MAKEPKG_LINT_PKGBUILD=0 \
makepkg \
--noextract \
--noprepare \

View File

@ -9,7 +9,7 @@ Environment=
GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
GIT_SUBDIR=debian
GIT_BRANCH=debian/master
GIT_COMMIT=0704bfd93f407eb4622c724328a5693155f913a1
GIT_COMMIT=bb6db3edfe40fe1a98cdcc6d2d07a7dac38aefc5
PKG_SUBDIR=debian
Packages=

View File

@ -3,11 +3,18 @@
set -e
set -o nounset
if [[ "$DISTRIBUTION" =~ ubuntu|debian ]]; then
SUDO_GROUP=sudo
else
SUDO_GROUP=wheel
fi
useradd \
--uid 4711 \
--user-group \
--create-home \
--password "$(openssl passwd -1 testuser)" \
--groups "$SUDO_GROUP",systemd-journal \
--shell /bin/bash \
testuser
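Review bot: The added `--groups "$SUDO_GROUP",systemd-journal` line puts `testuser` into `sudo` or `wheel` while the account keeps the fixed password from `--password "$(openssl passwd -1 testuser)"`, so the image gets a privileged account with a known password, hashed with MD5-crypt (`-1`). Please confirm this script can only run when building test images, and consider `-6` for the hash. Separately, `[[ "$DISTRIBUTION" =~ ubuntu|debian ]]` is an unanchored match and, under `set -o nounset`, aborts the script when `DISTRIBUTION` is unset; a `case` on the exact distribution names with an explicit default would be stricter.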

109
po/fi.po
View File

@ -2,21 +2,21 @@
#
# Finnish translation of systemd.
# Jan Kuparinen <copper_fin@hotmail.com>, 2021, 2022, 2023.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022, 2024.
# Ricky Tigg <ricky.tigg@gmail.com>, 2022.
msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-08-23 15:33+0200\n"
"PO-Revision-Date: 2024-09-12 13:43+0000\n"
"Last-Translator: Ricky Tigg <ricky.tigg@gmail.com>\n"
"PO-Revision-Date: 2023-08-21 17:21+0000\n"
"Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n"
"Language-Team: Finnish <https://translate.fedoraproject.org/projects/systemd/"
"main/fi/>\n"
"master/fi/>\n"
"Language: fi\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 5.7.2\n"
"X-Generator: Weblate 4.18.2\n"
#: src/core/org.freedesktop.systemd1.policy.in:22
msgid "Send passphrase back to system"
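Review bot: The header values on the replacement side are older than the ones they replace: `PO-Revision-Date` goes from 2024-09-12 to 2023-08-21, `X-Generator` from Weblate 5.7.2 to 4.18.2, and the 2024 credit is dropped from the translator comment. A catalog header should not move backwards in a feature change. If `po/fi.po` is not meant to be touched here, update the branch so this file drops out of the comparison.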
@ -129,12 +129,14 @@ msgid ""
msgstr "Todennus vaaditaan käyttäjän kotialueen salasanan vaihtamiseksi."
#: src/home/org.freedesktop.home1.policy:73
#, fuzzy
msgid "Activate a home area"
msgstr "Aktivoi kotialue"
msgstr "Luo kotialue"
#: src/home/org.freedesktop.home1.policy:74
#, fuzzy
msgid "Authentication is required to activate a user's home area."
msgstr "Todennus vaaditaan käyttäjän kotialueen aktivoimiseksi."
msgstr "Todennus vaaditaan käyttäjän kotialueen luomiseksi."
#: src/home/pam_systemd_home.c:293
#, c-format
@ -362,37 +364,47 @@ msgid "Authentication is required to get system description."
msgstr "Järjestelmän kuvauksen saamiseksi vaaditaan todennus."
#: src/import/org.freedesktop.import1.policy:22
#, fuzzy
msgid "Import a disk image"
msgstr "Tuo levykuva"
msgstr "Tuo virtuaalikoneen tai kontin levykuva"
#: src/import/org.freedesktop.import1.policy:23
#, fuzzy
msgid "Authentication is required to import an image."
msgstr "Levykuvan tuonti edellyttää todennusta."
msgstr ""
"Todennus vaaditaan, jos haluat tuoda virtuaalikoneen tai kontin levykuvan"
#: src/import/org.freedesktop.import1.policy:32
#, fuzzy
msgid "Export a disk image"
msgstr "Vie levykuva"
msgstr "Vie virtuaalikoneen tai kontin levykuva"
#: src/import/org.freedesktop.import1.policy:33
#, fuzzy
msgid "Authentication is required to export disk image."
msgstr "Todennus vaaditaan levykuvan viemiseen."
msgstr ""
"Todennus vaaditaan, jos haluat viedä virtuaalikoneen tai kontin levykuvan"
#: src/import/org.freedesktop.import1.policy:42
#, fuzzy
msgid "Download a disk image"
msgstr "Lataa levykuva"
msgstr "Lataa virtuaalikoneen tai kontin levykuva"
#: src/import/org.freedesktop.import1.policy:43
#, fuzzy
msgid "Authentication is required to download a disk image."
msgstr "Todennus vaaditaan levykuvan lataamiseen."
msgstr ""
"Todennus vaaditaan, jos haluat ladata virtuaalikoneen tai kontin levykuvan"
#: src/import/org.freedesktop.import1.policy:52
msgid "Cancel transfer of a disk image"
msgstr "Peruuta levykuvan siirto"
msgstr ""
#: src/import/org.freedesktop.import1.policy:53
#, fuzzy
msgid ""
"Authentication is required to cancel the ongoing transfer of a disk image."
msgstr "Todennus vaaditaan meneillään olevan levykuvan siirron peruuttamiseksi."
msgstr "Todennus vaaditaan käyttäjän kotialueen salasanan vaihtamiseksi."
#: src/locale/org.freedesktop.locale1.policy:22
msgid "Set system locale"
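Review bot: Several replacement `msgstr` values in this hunk no longer describe the action named by their `msgid`: the entry for "Authentication is required to cancel the ongoing transfer of a disk image." receives the text for changing a home area password, and "Cancel transfer of a disk image" becomes empty. These are polkit authentication prompts, so a mismatched string would tell the user they are approving a different privileged action. The `#, fuzzy` flag keeps `msgfmt` from using the entries by default, but the non-fuzzy translations being replaced matched their `msgid` and should be kept.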
@ -785,8 +797,9 @@ msgid "Set a wall message"
msgstr "Aseta seinäviesti"
#: src/login/org.freedesktop.login1.policy:397
#, fuzzy
msgid "Authentication is required to set a wall message."
msgstr "Todennus vaaditaan seinäviestin asettamiseen."
msgstr "Seinäviestin asettaminen edellyttää todennusta"
#: src/login/org.freedesktop.login1.policy:406
msgid "Change Session"
@ -856,13 +869,16 @@ msgstr ""
"Todennus vaaditaan paikallisten virtuaalikoneiden ja konttien hallintaan."
#: src/machine/org.freedesktop.machine1.policy:95
#, fuzzy
msgid "Create a local virtual machine or container"
msgstr "Luo paikallinen virtuaalikone tai säilö"
msgstr "Hallitse paikallisia virtuaalikoneita ja kontteja"
#: src/machine/org.freedesktop.machine1.policy:96
#, fuzzy
msgid ""
"Authentication is required to create a local virtual machine or container."
msgstr "Todennus vaaditaan paikallisen virtuaalikoneen tai säilön luomiseen."
msgstr ""
"Todennus vaaditaan paikallisten virtuaalikoneiden ja konttien hallintaan."
#: src/machine/org.freedesktop.machine1.policy:106
msgid "Manage local virtual machine and container images"
@ -1021,15 +1037,13 @@ msgstr "Todennus vaaditaan verkkokäyttöliittymän määrittämiseksi uudelleen
#: src/network/org.freedesktop.network1.policy:187
msgid "Specify whether persistent storage for systemd-networkd is available"
msgstr "Määritä, onko systemd-networkd:lle saatavana pysyvä tallennustila"
msgstr ""
#: src/network/org.freedesktop.network1.policy:188
msgid ""
"Authentication is required to specify whether persistent storage for systemd-"
"networkd is available."
msgstr ""
"Todennus vaaditaan sen määrittämiseksi, onko systemd-networkd:lle pysyvä "
"tallennustila saatavana."
#: src/portable/org.freedesktop.portable1.policy:13
msgid "Inspect a portable service image"
@ -1066,16 +1080,18 @@ msgid "Register a DNS-SD service"
msgstr "Rekisteröi DNS-SD-palvelu"
#: src/resolve/org.freedesktop.resolve1.policy:23
#, fuzzy
msgid "Authentication is required to register a DNS-SD service."
msgstr "Todennus vaaditaan DNS-SD-palvelun rekisteröimiseksi."
msgstr "Todennus vaaditaan DNS-SD-palvelun rekisteröimiseksi"
#: src/resolve/org.freedesktop.resolve1.policy:33
msgid "Unregister a DNS-SD service"
msgstr "Poista DNS-SD-palvelun rekisteröinti"
#: src/resolve/org.freedesktop.resolve1.policy:34
#, fuzzy
msgid "Authentication is required to unregister a DNS-SD service."
msgstr "Todennus vaaditaan DNS-SD-palvelun rekisteröinnin poistamiseksi."
msgstr "Todennus vaaditaan DNS-SD-palvelun rekisteröinnin poistamiseksi"
#: src/resolve/org.freedesktop.resolve1.policy:132
msgid "Revert name resolution settings"
@ -1087,79 +1103,86 @@ msgstr "Todennus vaaditaan aiempien nimipalveluasetusten palauttamiseksi."
#: src/resolve/org.freedesktop.resolve1.policy:143
msgid "Subscribe query results"
msgstr "Tilauskyselyn tulokset"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:144
#, fuzzy
msgid "Authentication is required to subscribe query results."
msgstr "Todennus vaaditaan kyselytulosten tilaamiseen."
msgstr "Todennus vaaditaan järjestelmän pysäyttämiseksi väliaikaisesti."
#: src/resolve/org.freedesktop.resolve1.policy:154
msgid "Dump cache"
msgstr "Tyhjennä välimuisti"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:155
#, fuzzy
msgid "Authentication is required to dump cache."
msgstr "Todennus vaaditaan välimuistin tyhjentämiseen."
msgstr "Todennus vaaditaan toimialueiden asettamiseen."
#: src/resolve/org.freedesktop.resolve1.policy:165
msgid "Dump server state"
msgstr "Tyhjennä palvelimen tila"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:166
#, fuzzy
msgid "Authentication is required to dump server state."
msgstr "Todennus vaaditaan palvelimen tilan tyhjentämiseksi."
msgstr "Todennus vaaditaan NTP-palvelimien asettamiseen."
#: src/resolve/org.freedesktop.resolve1.policy:176
msgid "Dump statistics"
msgstr "Tyhjennä tilastot"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:177
#, fuzzy
msgid "Authentication is required to dump statistics."
msgstr "Todennus vaaditaan tilastojen tyhjentämiseen."
msgstr "Todennus vaaditaan toimialueiden asettamiseen."
#: src/resolve/org.freedesktop.resolve1.policy:187
msgid "Reset statistics"
msgstr "Nollaa tilastot"
msgstr ""
#: src/resolve/org.freedesktop.resolve1.policy:188
#, fuzzy
msgid "Authentication is required to reset statistics."
msgstr "Todennus vaaditaan tilastojen nollaamiseen."
msgstr "Todennus vaaditaan aiempien NTP-asetusten palauttamiseksi."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:35
msgid "Check for system updates"
msgstr "Tarkista, onko järjestelmäpäivityksiä"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:36
#, fuzzy
msgid "Authentication is required to check for system updates."
msgstr "Todennus vaaditaan järjestelmäpäivitysten tarkistamiseen."
msgstr "Todennus vaaditaan järjestelmän ajan asettamiseksi."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:45
msgid "Install system updates"
msgstr "Asenna järjestelmäpäivitykset"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:46
#, fuzzy
msgid "Authentication is required to install system updates."
msgstr "Todennus vaaditaan järjestelmäpäivitysten asentamiseen."
msgstr "Todennus vaaditaan järjestelmän ajan asettamiseksi."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:55
msgid "Install specific system version"
msgstr "Asenna tietty järjestelmäversio"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:56
#, fuzzy
msgid ""
"Authentication is required to update the system to a specific (possibly old) "
"version."
msgstr ""
"Todennus vaaditaan järjestelmän päivittämiseen tiettyyn, mahdollisesti "
"vanhaan versioon."
msgstr "Todennus vaaditaan järjestelmän aikavyöhykkeen asettamiseksi."
#: src/sysupdate/org.freedesktop.sysupdate1.policy:65
msgid "Cleanup old system updates"
msgstr "Puhdista vanhat järjestelmäpäivitykset"
msgstr ""
#: src/sysupdate/org.freedesktop.sysupdate1.policy:66
#, fuzzy
msgid "Authentication is required to cleanup old system updates."
msgstr "Todennus vaaditaan vanhojen järjestelmäpäivitysten puhdistamiseen."
msgstr "Todennus vaaditaan järjestelmän ajan asettamiseksi."
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -9,5 +9,5 @@ ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block",
# watch metadata changes, caused by tools closing the device node which was opened for writing
ACTION!="remove", SUBSYSTEM=="block", \
KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|rbd*|zram*", \
KERNEL=="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|rbd*", \
OPTIONS+="watch"
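Review bot: `zram*` is dropped from the `KERNEL==` list, so zram devices stop getting `OPTIONS+="watch"`, and nothing in the hunk explains why. The same pattern is also dropped from the `KERNEL!=` list in the persistent-storage rules, so the two lists stay consistent, but a behaviour change for a whole device class needs a line in the commit message or a comment next to the list.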

View File

@ -7,7 +7,7 @@ ACTION=="remove", GOTO="persistent_storage_end"
ENV{UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG}=="1", GOTO="persistent_storage_end"
SUBSYSTEM!="block|ubi", GOTO="persistent_storage_end"
KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|rbd*|zram*", GOTO="persistent_storage_end"
KERNEL!="loop*|mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|nvme*|sd*|sr*|vd*|xvd*|bcache*|cciss*|dasd*|ubd*|ubi*|scm*|pmem*|nbd*|zd*|rbd*", GOTO="persistent_storage_end"
# ignore partitions that span the entire disk
TEST=="whole_disk", GOTO="persistent_storage_end"

View File

@ -1,9 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "analyze.h"
#include "analyze-has-tpm2.h"
#include "tpm2-util.h"
int verb_has_tpm2(int argc, char **argv, void *userdata) {
return verb_has_tpm2_generic(arg_quiet);
}

View File

@ -1,4 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
int verb_has_tpm2(int argc, char *argv[], void *userdata);

View File

@ -26,7 +26,6 @@
#include "analyze-exit-status.h"
#include "analyze-fdstore.h"
#include "analyze-filesystems.h"
#include "analyze-has-tpm2.h"
#include "analyze-image-policy.h"
#include "analyze-inspect-elf.h"
#include "analyze-log-control.h"
@ -254,7 +253,6 @@ static int help(int argc, char *argv[], void *userdata) {
"\n%3$sExecutable Analysis:%4$s\n"
" inspect-elf FILE... Parse and print ELF package metadata\n"
"\n%3$sTPM Operations:%4$s\n"
" has-tpm2 Report whether TPM2 support is available\n"
" pcrs [PCR...] Show TPM2 PCRs and their names\n"
" srk [>FILE] Write TPM2 SRK (to FILE)\n"
"\n%3$sOptions:%4$s\n"
@ -702,7 +700,6 @@ static int run(int argc, char *argv[]) {
{ "malloc", VERB_ANY, VERB_ANY, 0, verb_malloc },
{ "fdstore", 2, VERB_ANY, 0, verb_fdstore },
{ "image-policy", 2, 2, 0, verb_image_policy },
{ "has-tpm2", VERB_ANY, 1, 0, verb_has_tpm2 },
{ "pcrs", VERB_ANY, VERB_ANY, 0, verb_pcrs },
{ "srk", VERB_ANY, 1, 0, verb_srk },
{ "architectures", VERB_ANY, VERB_ANY, 0, verb_architectures },

View File

@ -14,7 +14,6 @@ systemd_analyze_sources = files(
'analyze-exit-status.c',
'analyze-fdstore.c',
'analyze-filesystems.c',
'analyze-has-tpm2.c',
'analyze-image-policy.c',
'analyze-inspect-elf.c',
'analyze-log-control.c',

View File

@ -221,12 +221,6 @@ const char* const systemd_features =
" -BPF_FRAMEWORK"
#endif
#if HAVE_VMLINUX_H
" +BTF"
#else
" -BTF"
#endif
#if HAVE_XKBCOMMON
" +XKBCOMMON"
#else
@ -253,7 +247,7 @@ const char* const systemd_features =
;
static char* systemd_features_with_color(void) {
static char *systemd_features_with_color(void) {
const char *p = systemd_features;
_cleanup_free_ char *ret = NULL;
int r;

View File

@ -145,10 +145,8 @@ int efi_get_variable(
int efi_get_variable_string(const char *variable, char **ret) {
_cleanup_free_ void *s = NULL;
size_t ss = 0;
char *x;
int r;
assert(variable);
char *x;
r = efi_get_variable(variable, NULL, &s, &ss);
if (r < 0)
@ -158,27 +156,10 @@ int efi_get_variable_string(const char *variable, char **ret) {
if (!x)
return -ENOMEM;
if (ret)
*ret = x;
*ret = x;
return 0;
}
int efi_get_variable_path(const char *variable, char **ret) {
int r;
assert(variable);
r = efi_get_variable_string(variable, ret);
if (r < 0)
return r;
if (ret)
efi_tilt_backslashes(*ret);
return r;
}
static int efi_verify_variable(const char *variable, uint32_t attr, const void *value, size_t size) {
_cleanup_free_ void *buf = NULL;
size_t n;

View File

@ -11,7 +11,6 @@
#include "sd-id128.h"
#include "efivars-fundamental.h"
#include "string-util.h"
#include "time-util.h"
#define EFI_VENDOR_LOADER SD_ID128_MAKE(4a,67,b0,82,0a,4c,41,cf,b6,c7,44,0b,29,bb,8c,4f)
@ -48,7 +47,6 @@
int efi_get_variable(const char *variable, uint32_t *attribute, void **ret_value, size_t *ret_size);
int efi_get_variable_string(const char *variable, char **ret);
int efi_get_variable_path(const char *variable, char **ret);
int efi_set_variable(const char *variable, const void *value, size_t size);
int efi_set_variable_string(const char *variable, const char *p);
@ -70,10 +68,6 @@ static inline int efi_get_variable_string(const char *variable, char **ret) {
return -EOPNOTSUPP;
}
static inline int efi_get_variable_path(const char *variable, char **ret) {
return -EOPNOTSUPP;
}
static inline int efi_set_variable(const char *variable, const void *value, size_t size) {
return -EOPNOTSUPP;
}
@ -106,7 +100,3 @@ static inline int systemd_efi_options_efivarfs_if_newer(char **line) {
return -ENODATA;
}
#endif
static inline char *efi_tilt_backslashes(char *s) {
return string_replace_char(s, '\\', '/');
}

View File

@ -1,37 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "format-ifname.h"
#include "string-util.h"
assert_cc(STRLEN("%") + DECIMAL_STR_MAX(int) <= IF_NAMESIZE);
int format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]) {
if (ifindex <= 0)
return -EINVAL;
if (if_indextoname(ifindex, buf))
return 0;
if (!FLAGS_SET(flag, FORMAT_IFNAME_IFINDEX))
return -errno;
if (FLAGS_SET(flag, FORMAT_IFNAME_IFINDEX_WITH_PERCENT))
assert_se(snprintf_ok(buf, IF_NAMESIZE, "%%%d", ifindex));
else
assert_se(snprintf_ok(buf, IF_NAMESIZE, "%d", ifindex));
return 0;
}
int format_ifname_full_alloc(int ifindex, FormatIfnameFlag flag, char **ret) {
char buf[IF_NAMESIZE];
int r;
assert(ret);
r = format_ifname_full(ifindex, flag, buf);
if (r < 0)
return r;
return strdup_to(ret, buf);
}

View File

@ -1,27 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <net/if.h>
typedef enum {
FORMAT_IFNAME_IFINDEX = 1 << 0,
FORMAT_IFNAME_IFINDEX_WITH_PERCENT = (1 << 1) | FORMAT_IFNAME_IFINDEX,
} FormatIfnameFlag;
int format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]);
int format_ifname_full_alloc(int ifindex, FormatIfnameFlag flag, char **ret);
static inline int format_ifname(int ifindex, char buf[static IF_NAMESIZE]) {
return format_ifname_full(ifindex, 0, buf);
}
static inline int format_ifname_alloc(int ifindex, char **ret) {
return format_ifname_full_alloc(ifindex, 0, ret);
}
static inline char* _format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]) {
(void) format_ifname_full(ifindex, flag, buf);
return buf;
}
#define FORMAT_IFNAME_FULL(index, flag) _format_ifname_full(index, flag, (char[IF_NAMESIZE]){})
#define FORMAT_IFNAME(index) _format_ifname_full(index, 0, (char[IF_NAMESIZE]){})

View File

@ -5,6 +5,38 @@
#include "stdio-util.h"
#include "strxcpyx.h"
assert_cc(STRLEN("%") + DECIMAL_STR_MAX(int) <= IF_NAMESIZE);
int format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]) {
if (ifindex <= 0)
return -EINVAL;
if (if_indextoname(ifindex, buf))
return 0;
if (!FLAGS_SET(flag, FORMAT_IFNAME_IFINDEX))
return -errno;
if (FLAGS_SET(flag, FORMAT_IFNAME_IFINDEX_WITH_PERCENT))
assert(snprintf_ok(buf, IF_NAMESIZE, "%%%d", ifindex));
else
assert(snprintf_ok(buf, IF_NAMESIZE, "%d", ifindex));
return 0;
}
int format_ifname_full_alloc(int ifindex, FormatIfnameFlag flag, char **ret) {
char buf[IF_NAMESIZE];
int r;
assert(ret);
r = format_ifname_full(ifindex, flag, buf);
if (r < 0)
return r;
return strdup_to(ret, buf);
}
char* format_bytes_full(char *buf, size_t l, uint64_t t, FormatBytesFlag flag) {
typedef struct {
const char *suffix;
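Review bot: In the moved `format_ifname_full()`, both fallback branches are written as `assert(snprintf_ok(buf, IF_NAMESIZE, ...))`, whereas the copy deleted from `format-ifname.c` used `assert_se(...)`. The `snprintf` is the side effect that fills `buf`, so it belongs in `assert_se()`, the form meant for expressions that must run regardless of how assertions are compiled. In a build where `assert()` is compiled out, the function could return 0 with `buf` never written. Please keep `assert_se` in both branches.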

View File

@ -2,6 +2,7 @@
#pragma once
#include <inttypes.h>
#include <net/if.h>
#include <stdbool.h>
#include "cgroup-util.h"
@ -65,6 +66,29 @@ assert_cc(sizeof(gid_t) == sizeof(uint32_t));
# error Unknown ino_t size
#endif
typedef enum {
FORMAT_IFNAME_IFINDEX = 1 << 0,
FORMAT_IFNAME_IFINDEX_WITH_PERCENT = (1 << 1) | FORMAT_IFNAME_IFINDEX,
} FormatIfnameFlag;
int format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]);
int format_ifname_full_alloc(int ifindex, FormatIfnameFlag flag, char **ret);
static inline int format_ifname(int ifindex, char buf[static IF_NAMESIZE]) {
return format_ifname_full(ifindex, 0, buf);
}
static inline int format_ifname_alloc(int ifindex, char **ret) {
return format_ifname_full_alloc(ifindex, 0, ret);
}
static inline char* _format_ifname_full(int ifindex, FormatIfnameFlag flag, char buf[static IF_NAMESIZE]) {
(void) format_ifname_full(ifindex, flag, buf);
return buf;
}
#define FORMAT_IFNAME_FULL(index, flag) _format_ifname_full(index, flag, (char[IF_NAMESIZE]){})
#define FORMAT_IFNAME(index) _format_ifname_full(index, 0, (char[IF_NAMESIZE]){})
typedef enum {
FORMAT_BYTES_USE_IEC = 1 << 0,
FORMAT_BYTES_BELOW_POINT = 1 << 1,

View File

@ -300,10 +300,9 @@ int log_emergency_level(void);
#define log_dump(level, buffer) \
log_dump_internal(level, 0, PROJECT_FILE, __LINE__, __func__, buffer)
#define log_oom_full(level) log_oom_internal(level, PROJECT_FILE, __LINE__, __func__)
#define log_oom() log_oom_full(LOG_ERR)
#define log_oom_debug() log_oom_full(LOG_DEBUG)
#define log_oom_warning() log_oom_full(LOG_WARNING)
#define log_oom() log_oom_internal(LOG_ERR, PROJECT_FILE, __LINE__, __func__)
#define log_oom_debug() log_oom_internal(LOG_DEBUG, PROJECT_FILE, __LINE__, __func__)
#define log_oom_warning() log_oom_internal(LOG_WARNING, PROJECT_FILE, __LINE__, __func__)
bool log_on_console(void) _pure_;

View File

@ -33,7 +33,6 @@ basic_sources = files(
'fd-util.c',
'fileio.c',
'filesystems.c',
'format-ifname.c',
'format-util.c',
'fs-util.c',
'gcrypt-util.c',

View File

@ -28,7 +28,7 @@ int sigaction_many_internal(const struct sigaction *sa, ...);
int sigset_add_many_internal(sigset_t *ss, ...);
#define sigset_add_many(...) sigset_add_many_internal(__VA_ARGS__, -1)
int sigprocmask_many_internal(int how, sigset_t *ret_old_mask, ...);
int sigprocmask_many_internal(int how, sigset_t *old, ...);
#define sigprocmask_many(...) sigprocmask_many_internal(__VA_ARGS__, -1)
const char* signal_to_string(int i) _const_;

View File

@ -21,7 +21,7 @@
#include "escape.h"
#include "fd-util.h"
#include "fileio.h"
#include "format-ifname.h"
#include "format-util.h"
#include "io-util.h"
#include "log.h"
#include "memory-util.h"

View File

@ -153,7 +153,7 @@ bool strv_overlap(char * const *a, char * const *b) _pure_;
_STRV_FOREACH_BACKWARDS(s, l, UNIQ_T(h, UNIQ), UNIQ_T(i, UNIQ))
#define _STRV_FOREACH_PAIR(x, y, l, i) \
for (typeof(*(l)) *x, *y, *i = (l); \
for (typeof(*l) *x, *y, *i = (l); \
i && *(x = i) && *(y = i + 1); \
i += 2)
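Review bot: `_STRV_FOREACH_PAIR` changes `typeof(*(l))` to `typeof(*l)`, which leaves the macro argument unparenthesized inside `typeof` while `i = (l)` on the same line still parenthesizes it. Keep `*(l)` so that a non-trivial argument expression is dereferenced as a whole and the declared type always matches the initializer.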

View File

@ -95,6 +95,7 @@ fsopen
fspick
fstat
fstat64
fstatat
fstatat64
fstatfs
fstatfs64
@ -246,6 +247,7 @@ munlockall
munmap
name_to_handle_at
nanosleep
newfstat
newfstatat
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 540
fspick 543
fstat 91
fstat64 427
fstatat
fstatat64 455
fstatfs 329
fstatfs64 529
@ -246,6 +247,7 @@ munlockall 317
munmap 73
name_to_handle_at 497
nanosleep 340
newfstat
newfstatat
nice
old_adjtimex 303

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat
fstat64 80
fstatat
fstatat64 79
fstatfs
fstatfs64 44
@ -246,6 +247,7 @@ munlockall 231
munmap 215
name_to_handle_at 264
nanosleep 101
newfstat
newfstatat
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64 197
fstatat
fstatat64 327
fstatfs 100
fstatfs64 267
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 370
nanosleep 162
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -93,8 +93,9 @@ fsetxattr 7
fsmount 432
fsopen 430
fspick 433
fstat 80
fstat
fstat64
fstatat
fstatat64
fstatfs 44
fstatfs64
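Review bot: In this table `fstat 80` becomes a bare `fstat`, and 80 is listed under the new `newfstat` entry in the following hunk, while the other tables keep their number on `fstat` and add `newfstat` without one. A name-based lookup of `fstat` against this table now finds no number, so please check that whatever consumes these tables (syscall filters in particular) treats the two names as the same call on this architecture. The new `fstatat` row has no number in any of the tables shown, so a short note on why the name is listed would help.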
@ -246,6 +247,7 @@ munlockall 231
munmap 215
name_to_handle_at 264
nanosleep 101
newfstat 80
newfstatat 79
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64 197
fstatat
fstatat64 300
fstatfs 100
fstatfs64 269
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 341
nanosleep 162
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -93,8 +93,9 @@ fsetxattr 7
fsmount 432
fsopen 430
fspick 433
fstat 80
fstat
fstat64
fstatat
fstatat64
fstatfs 44
fstatfs64
@ -246,6 +247,7 @@ munlockall 231
munmap 215
name_to_handle_at 264
nanosleep 101
newfstat 80
newfstatat 79
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64 197
fstatat
fstatat64 293
fstatfs 100
fstatfs64 264
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 340
nanosleep 162
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 5430
fspick 5433
fstat 5005
fstat64
fstatat
fstatat64
fstatfs 5135
fstatfs64
@ -246,6 +247,7 @@ munlockall 5149
munmap 5011
name_to_handle_at 5298
nanosleep 5034
newfstat
newfstatat 5252
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 6430
fspick 6433
fstat 6005
fstat64
fstatat
fstatat64
fstatfs 6135
fstatfs64 6218
@ -246,6 +247,7 @@ munlockall 6149
munmap 6011
name_to_handle_at 6303
nanosleep 6034
newfstat
newfstatat 6256
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 4430
fspick 4433
fstat 4108
fstat64 4215
fstatat
fstatat64 4293
fstatfs 4100
fstatfs64 4256
@ -246,6 +247,7 @@ munlockall 4157
munmap 4091
name_to_handle_at 4339
nanosleep 4166
newfstat
newfstatat
nice 4034
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 28
fstat64 112
fstatat
fstatat64 280
fstatfs 100
fstatfs64 299
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 325
nanosleep 162
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64 197
fstatat
fstatat64 291
fstatfs 100
fstatfs64 253
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 345
nanosleep 162
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64
fstatat
fstatat64
fstatfs 100
fstatfs64 253
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 345
nanosleep 162
newfstat
newfstatat 291
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat
fstat64
fstatat
fstatat64
fstatfs
fstatfs64 44
@ -246,6 +247,7 @@ munlockall 231
munmap 215
name_to_handle_at 264
nanosleep
newfstat
newfstatat
nice
old_adjtimex

View File

@ -93,8 +93,9 @@ fsetxattr 7
fsmount 432
fsopen 430
fspick 433
fstat 80
fstat
fstat64
fstatat
fstatat64
fstatfs 44
fstatfs64
@ -246,6 +247,7 @@ munlockall 231
munmap 215
name_to_handle_at 264
nanosleep 101
newfstat 80
newfstatat 79
nice
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64 197
fstatat
fstatat64 293
fstatfs 100
fstatfs64 266
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 335
nanosleep 162
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 108
fstat64
fstatat
fstatat64
fstatfs 100
fstatfs64 266
@ -246,6 +247,7 @@ munlockall 153
munmap 91
name_to_handle_at 335
nanosleep 162
newfstat
newfstatat 293
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 62
fstat64 63
fstatat
fstatat64 289
fstatfs 158
fstatfs64 235
@ -246,6 +247,7 @@ munlockall 240
munmap 73
name_to_handle_at 332
nanosleep 249
newfstat
newfstatat
nice 34
old_adjtimex

View File

@ -95,6 +95,7 @@ fsopen 430
fspick 433
fstat 5
fstat64
fstatat
fstatat64
fstatfs 138
fstatfs64
@ -246,6 +247,7 @@ munlockall 152
munmap 11
name_to_handle_at 303
nanosleep 35
newfstat
newfstatat 262
nice
old_adjtimex

View File

@ -44,42 +44,8 @@ char* sysctl_normalize(char *s) {
return s;
}
static int shadow_update(Hashmap **shadow, const char *property, const char *value) {
_cleanup_free_ char *k = NULL, *v = NULL, *cur_k = NULL, *cur_v = NULL;
int r;
assert(property);
assert(value);
if (!shadow)
return 0;
k = strdup(property);
if (!k)
return -ENOMEM;
v = strdup(value);
if (!v)
return -ENOMEM;
cur_v = hashmap_remove2(*shadow, k, (void**)&cur_k);
r = hashmap_ensure_put(shadow, &path_hash_ops_free_free, k, v);
if (r < 0) {
assert(r != -EEXIST);
return r;
}
TAKE_PTR(k);
TAKE_PTR(v);
return 0;
}
int sysctl_write_full(const char *property, const char *value, Hashmap **shadow) {
int sysctl_write(const char *property, const char *value) {
char *p;
int r;
assert(property);
assert(value);
@ -92,10 +58,6 @@ int sysctl_write_full(const char *property, const char *value, Hashmap **shadow)
log_debug("Setting '%s' to '%s'", p, value);
r = shadow_update(shadow, p, value);
if (r < 0)
return r;
return write_string_file(p, value, WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_SUPPRESS_REDUNDANT_VIRTUAL);
}
@ -114,7 +76,7 @@ int sysctl_writef(const char *property, const char *format, ...) {
return sysctl_write(property, v);
}
int sysctl_write_ip_property(int af, const char *ifname, const char *property, const char *value, Hashmap **shadow) {
int sysctl_write_ip_property(int af, const char *ifname, const char *property, const char *value) {
const char *p;
assert(property);
@ -131,10 +93,10 @@ int sysctl_write_ip_property(int af, const char *ifname, const char *property, c
} else
p = strjoina("net/", af_to_ipv4_ipv6(af), "/", property);
return sysctl_write_full(p, value, shadow);
return sysctl_write(p, value);
}
int sysctl_write_ip_neighbor_property(int af, const char *ifname, const char *property, const char *value, Hashmap **shadow) {
int sysctl_write_ip_neighbor_property(int af, const char *ifname, const char *property, const char *value) {
const char *p;
assert(property);
@ -151,7 +113,7 @@ int sysctl_write_ip_neighbor_property(int af, const char *ifname, const char *pr
} else
p = strjoina("net/", af_to_ipv4_ipv6(af), "/neigh/default/", property);
return sysctl_write_full(p, value, shadow);
return sysctl_write(p, value);
}
int sysctl_read(const char *property, char **ret) {

View File

@ -10,30 +10,27 @@
char* sysctl_normalize(char *s);
int sysctl_read(const char *property, char **value);
int sysctl_write_full(const char *property, const char *value, Hashmap **shadow);
int sysctl_write(const char *property, const char *value);
int sysctl_writef(const char *property, const char *format, ...) _printf_(2, 3);
static inline int sysctl_write(const char *property, const char *value) {
return sysctl_write_full(property, value, NULL);
}
int sysctl_read_ip_property(int af, const char *ifname, const char *property, char **ret);
int sysctl_write_ip_property(int af, const char *ifname, const char *property, const char *value, Hashmap **shadow);
static inline int sysctl_write_ip_property_boolean(int af, const char *ifname, const char *property, bool value, Hashmap **shadow) {
return sysctl_write_ip_property(af, ifname, property, one_zero(value), shadow);
int sysctl_write_ip_property(int af, const char *ifname, const char *property, const char *value);
static inline int sysctl_write_ip_property_boolean(int af, const char *ifname, const char *property, bool value) {
return sysctl_write_ip_property(af, ifname, property, one_zero(value));
}
int sysctl_write_ip_neighbor_property(int af, const char *ifname, const char *property, const char *value, Hashmap **shadow);
static inline int sysctl_write_ip_neighbor_property_uint32(int af, const char *ifname, const char *property, uint32_t value, Hashmap **shadow) {
int sysctl_write_ip_neighbor_property(int af, const char *ifname, const char *property, const char *value);
static inline int sysctl_write_ip_neighbor_property_uint32(int af, const char *ifname, const char *property, uint32_t value) {
char buf[DECIMAL_STR_MAX(uint32_t)];
xsprintf(buf, "%u", value);
return sysctl_write_ip_neighbor_property(af, ifname, property, buf, shadow);
return sysctl_write_ip_neighbor_property(af, ifname, property, buf);
}
#define DEFINE_SYSCTL_WRITE_IP_PROPERTY(name, type, format) \
static inline int sysctl_write_ip_property_##name(int af, const char *ifname, const char *property, type value, Hashmap **shadow) { \
static inline int sysctl_write_ip_property_##name(int af, const char *ifname, const char *property, type value) { \
char buf[DECIMAL_STR_MAX(type)]; \
xsprintf(buf, format, value); \
return sysctl_write_ip_property(af, ifname, property, buf, shadow); \
return sysctl_write_ip_property(af, ifname, property, buf); \
}
DEFINE_SYSCTL_WRITE_IP_PROPERTY(int, int, "%i");

View File

@ -255,25 +255,6 @@ int ask_string(char **ret, const char *text, ...) {
return 0;
}
bool any_key_to_proceed(void) {
char key = 0;
bool need_nl = true;
/*
* Insert a new line here as well as to when the user inputs, as this is also used during the
* boot up sequence when status messages may be interleaved with the current program output.
* This ensures that the status messages aren't appended on the same line as this message.
*/
puts("-- Press any key to proceed --");
(void) read_one_char(stdin, &key, USEC_INFINITY, &need_nl);
if (need_nl)
putchar('\n');
return key != 'q';
}
int open_terminal(const char *name, int mode) {
_cleanup_close_ int fd = -EBADF;
unsigned c = 0;

View File

@ -78,7 +78,6 @@ int chvt(int vt);
int read_one_char(FILE *f, char *ret, usec_t timeout, bool *need_nl);
int ask_char(char *ret, const char *replies, const char *text, ...) _printf_(3, 4);
int ask_string(char **ret, const char *text, ...) _printf_(2, 3);
bool any_key_to_proceed(void);
int vt_disallocate(const char *name);

View File

@ -219,12 +219,14 @@ static int acquire_boot_count_path(
uint64_t left, done;
int r;
r = efi_get_variable_path(EFI_LOADER_VARIABLE(LoaderBootCountPath), &path);
r = efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderBootCountPath), &path);
if (r == -ENOENT)
return -EUNATCH; /* in this case, let the caller print a message */
if (r < 0)
return log_error_errno(r, "Failed to read LoaderBootCountPath EFI variable: %m");
efi_tilt_backslashes(path);
if (!path_is_normalized(path))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Path read from LoaderBootCountPath is not normalized, refusing: %s",

View File

@ -298,24 +298,12 @@ fail:
return r;
}
static int efi_get_variable_string_and_warn(const char *variable, char **ret) {
static void read_efi_var(const char *variable, char **ret) {
int r;
r = efi_get_variable_string(variable, ret);
if (r < 0 && r != -ENOENT)
return log_warning_errno(r, "Failed to read EFI variable '%s', ignoring: %m", variable);
return r;
}
static int efi_get_variable_path_and_warn(const char *variable, char **ret) {
int r;
r = efi_get_variable_path(variable, ret);
if (r < 0 && r != -ENOENT)
return log_warning_errno(r, "Failed to read EFI variable '%s', ignoring: %m", variable);
return r;
log_warning_errno(r, "Failed to read EFI variable %s: %m", variable);
}
static void print_yes_no_line(bool first, bool good, const char *name) {
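Review bot: read_efi_var() returns void, so verb_status() can no longer tell a variable that is absent from one that failed to read, and the result cannot feed into the verb's exit status. Keep an int return (the callers can still cast it to void), and keep the "ignoring" wording in the warning so the log makes clear the failure is non-fatal.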
@ -408,23 +396,26 @@ int verb_status(int argc, char *argv[], void *userdata) {
{ EFI_STUB_FEATURE_MULTI_PROFILE_UKI, "Stub understands profile selector" },
{ EFI_STUB_FEATURE_REPORT_STUB_PARTITION, "Stub sets stub partition information" },
};
_cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL, *stub_path = NULL,
*current_entry = NULL, *oneshot_entry = NULL, *default_entry = NULL;
_cleanup_free_ char *fw_type = NULL, *fw_info = NULL, *loader = NULL, *loader_path = NULL, *stub = NULL;
sd_id128_t loader_part_uuid = SD_ID128_NULL;
uint64_t loader_features = 0, stub_features = 0;
Tpm2Support s;
int have;
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderFirmwareType), &fw_type);
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderFirmwareInfo), &fw_info);
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderInfo), &loader);
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(StubInfo), &stub);
(void) efi_get_variable_path_and_warn(EFI_LOADER_VARIABLE(LoaderImageIdentifier), &loader_path);
(void) efi_get_variable_path_and_warn(EFI_LOADER_VARIABLE(StubImageIdentifier), &stub_path);
read_efi_var(EFI_LOADER_VARIABLE(LoaderFirmwareType), &fw_type);
read_efi_var(EFI_LOADER_VARIABLE(LoaderFirmwareInfo), &fw_info);
read_efi_var(EFI_LOADER_VARIABLE(LoaderInfo), &loader);
read_efi_var(EFI_LOADER_VARIABLE(StubInfo), &stub);
read_efi_var(EFI_LOADER_VARIABLE(LoaderImageIdentifier), &loader_path);
(void) efi_loader_get_features(&loader_features);
(void) efi_stub_get_features(&stub_features);
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderEntrySelected), &current_entry);
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderEntryOneShot), &oneshot_entry);
(void) efi_get_variable_string_and_warn(EFI_LOADER_VARIABLE(LoaderEntryDefault), &default_entry);
if (loader_path)
efi_tilt_backslashes(loader_path);
k = efi_loader_get_device_part_uuid(&loader_part_uuid);
if (k < 0 && k != -ENOENT)
r = log_warning_errno(k, "Failed to read EFI variable LoaderDevicePartUUID: %m");
SecureBootMode secure = efi_get_secure_boot_mode();
printf("%sSystem:%s\n", ansi_underline(), ansi_normal());
@ -472,58 +463,34 @@ int verb_status(int argc, char *argv[], void *userdata) {
}
printf("\n");
if (loader) {
printf("%sCurrent Boot Loader:%s\n", ansi_underline(), ansi_normal());
printf(" Product: %s%s%s\n", ansi_highlight(), loader, ansi_normal());
for (size_t i = 0; i < ELEMENTSOF(loader_flags); i++)
print_yes_no_line(i == 0, FLAGS_SET(loader_features, loader_flags[i].flag), loader_flags[i].name);
printf("%sCurrent Boot Loader:%s\n", ansi_underline(), ansi_normal());
printf(" Product: %s%s%s\n", ansi_highlight(), strna(loader), ansi_normal());
sd_id128_t loader_partition_uuid;
bool have_loader_partition_uuid = efi_loader_get_device_part_uuid(&loader_partition_uuid) >= 0;
for (size_t i = 0; i < ELEMENTSOF(loader_flags); i++)
print_yes_no_line(i == 0, FLAGS_SET(loader_features, loader_flags[i].flag), loader_flags[i].name);
print_yes_no_line(false, have_loader_partition_uuid, "Boot loader set ESP information");
sd_id128_t bootloader_esp_uuid;
bool have_bootloader_esp_uuid = efi_loader_get_device_part_uuid(&bootloader_esp_uuid) >= 0;
if (current_entry)
printf("Current Entry: %s\n", current_entry);
if (default_entry)
printf("Default Entry: %s\n", default_entry);
if (oneshot_entry && !streq_ptr(oneshot_entry, default_entry))
printf("OneShot Entry: %s\n", oneshot_entry);
if (have_loader_partition_uuid && !sd_id128_is_null(esp_uuid) && !sd_id128_equal(esp_uuid, loader_partition_uuid))
printf("WARNING: The boot loader reports a different partition UUID than the detected ESP ("SD_ID128_UUID_FORMAT_STR" vs. "SD_ID128_UUID_FORMAT_STR")!\n",
SD_ID128_FORMAT_VAL(loader_partition_uuid), SD_ID128_FORMAT_VAL(esp_uuid));
if (!sd_id128_is_null(loader_partition_uuid))
printf(" Partition: /dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR "\n",
SD_ID128_FORMAT_VAL(loader_partition_uuid));
else
printf(" Partition: n/a\n");
printf(" Loader: %s%s\n", special_glyph(SPECIAL_GLYPH_TREE_RIGHT), strna(loader_path));
printf("\n");
}
print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP information");
if (have_bootloader_esp_uuid && !sd_id128_is_null(esp_uuid) &&
!sd_id128_equal(esp_uuid, bootloader_esp_uuid))
printf("WARNING: The boot loader reports a different ESP UUID than detected ("SD_ID128_UUID_FORMAT_STR" vs. "SD_ID128_UUID_FORMAT_STR")!\n",
SD_ID128_FORMAT_VAL(bootloader_esp_uuid),
SD_ID128_FORMAT_VAL(esp_uuid));
if (stub) {
printf("%sCurrent Stub:%s\n", ansi_underline(), ansi_normal());
printf(" Product: %s%s%s\n", ansi_highlight(), stub, ansi_normal());
printf(" Stub: %s\n", stub);
for (size_t i = 0; i < ELEMENTSOF(stub_flags); i++)
print_yes_no_line(i == 0, FLAGS_SET(stub_features, stub_flags[i].flag), stub_flags[i].name);
sd_id128_t stub_partition_uuid;
bool have_stub_partition_uuid = efi_stub_get_device_part_uuid(&stub_partition_uuid) >= 0;
if (have_stub_partition_uuid && (!(!sd_id128_is_null(esp_uuid) && sd_id128_equal(esp_uuid, stub_partition_uuid)) &&
!(!sd_id128_is_null(xbootldr_uuid) && sd_id128_equal(xbootldr_uuid, stub_partition_uuid))))
printf("WARNING: The stub loader reports a different UUID than the detected ESP or XBOOTDLR partition ("SD_ID128_UUID_FORMAT_STR" vs. "SD_ID128_UUID_FORMAT_STR"/"SD_ID128_UUID_FORMAT_STR")!\n",
SD_ID128_FORMAT_VAL(stub_partition_uuid), SD_ID128_FORMAT_VAL(esp_uuid), SD_ID128_FORMAT_VAL(xbootldr_uuid));
if (!sd_id128_is_null(stub_partition_uuid))
printf(" Partition: /dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR "\n",
SD_ID128_FORMAT_VAL(stub_partition_uuid));
else
printf(" Partition: n/a\n");
printf(" Stub: %s%s\n", special_glyph(SPECIAL_GLYPH_TREE_RIGHT), strna(stub_path));
printf("\n");
}
if (!sd_id128_is_null(loader_part_uuid))
printf(" ESP: /dev/disk/by-partuuid/" SD_ID128_UUID_FORMAT_STR "\n",
SD_ID128_FORMAT_VAL(loader_part_uuid));
else
printf(" ESP: n/a\n");
printf(" File: %s%s\n", special_glyph(SPECIAL_GLYPH_TREE_RIGHT), strna(loader_path));
printf("\n");
printf("%sRandom Seed:%s\n", ansi_underline(), ansi_normal());
have = access(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderSystemToken)), F_OK) >= 0;
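Review bot: LoaderDevicePartUUID is fetched twice in verb_status(): once into `loader_part_uuid` before this hunk, with a warning on failure, and again here into `bootloader_esp_uuid` with the error collapsed into a bool. Reuse the first result for both the "Boot loader sets ESP information" line and the mismatch warning, so the two outputs cannot disagree and the variable is read once.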

View File

@ -16,14 +16,12 @@
#include "build.h"
#include "devnum-util.h"
#include "dissect-image.h"
#include "efi-loader.h"
#include "escape.h"
#include "find-esp.h"
#include "main-func.h"
#include "mount-util.h"
#include "pager.h"
#include "parse-argument.h"
#include "path-util.h"
#include "pretty-print.h"
#include "utf8.h"
#include "varlink-io.systemd.BootControl.h"
@ -40,8 +38,6 @@ char *arg_esp_path = NULL;
char *arg_xbootldr_path = NULL;
bool arg_print_esp_path = false;
bool arg_print_dollar_boot_path = false;
bool arg_print_loader_path = false;
bool arg_print_stub_path = false;
unsigned arg_print_root_device = 0;
bool arg_touch_variables = true;
bool arg_install_random_seed = true;
@ -137,71 +133,6 @@ int acquire_xbootldr(
return 1;
}
static int print_loader_or_stub_path(void) {
_cleanup_free_ char *p = NULL;
sd_id128_t uuid;
int r;
if (arg_print_loader_path) {
r = efi_loader_get_device_part_uuid(&uuid);
if (r == -ENOENT)
return log_error_errno(r, "No loader partition UUID passed.");
if (r < 0)
return log_error_errno(r, "Unable to determine loader partition UUID: %m");
r = efi_get_variable_path(EFI_LOADER_VARIABLE(LoaderImageIdentifier), &p);
if (r == -ENOENT)
return log_error_errno(r, "No loader EFI binary path passed.");
if (r < 0)
return log_error_errno(r, "Unable to determine loader EFI binary path: %m");
} else {
assert(arg_print_stub_path);
r = efi_stub_get_device_part_uuid(&uuid);
if (r == -ENOENT)
return log_error_errno(r, "No stub partition UUID passed.");
if (r < 0)
return log_error_errno(r, "Unable to determine stub partition UUID: %m");
r = efi_get_variable_path(EFI_LOADER_VARIABLE(StubImageIdentifier), &p);
if (r == -ENOENT)
return log_error_errno(r, "No stub EFI binary path passed.");
if (r < 0)
return log_error_errno(r, "Unable to determine stub EFI binary path: %m");
}
sd_id128_t esp_uuid;
r = acquire_esp(/* unprivileged_mode= */ false, /* graceful= */ false,
/* ret_part= */ NULL, /* ret_pstart= */ NULL, /* ret_psize= */ NULL,
&esp_uuid, /* ret_devid= */ NULL);
if (r < 0)
return r;
const char *found_path = NULL;
if (sd_id128_equal(esp_uuid, uuid))
found_path = arg_esp_path;
else if (arg_print_stub_path) { /* In case of the stub, also look for things in the xbootldr partition */
sd_id128_t xbootldr_uuid;
r = acquire_xbootldr(/* unprivileged_mode= */ false, &xbootldr_uuid, /* ret_devid= */ NULL);
if (r < 0)
return r;
if (sd_id128_equal(xbootldr_uuid, uuid))
found_path = arg_xbootldr_path;
}
if (!found_path)
return log_error_errno(SYNTHETIC_ERRNO(ENOENT), "Failed to discover partition " SD_ID128_FORMAT_STR " among mounted boot partitions.", SD_ID128_FORMAT_VAL(uuid));
_cleanup_free_ char *j = path_join(found_path, p);
if (!j)
return log_oom();
puts(j);
return 0;
}
static int help(int argc, char *argv[], void *userdata) {
_cleanup_free_ char *link = NULL;
int r;
@ -251,9 +182,6 @@ static int help(int argc, char *argv[], void *userdata) {
" Where to pick files when using --root=/--image=\n"
" -p --print-esp-path Print path to the EFI System Partition mount point\n"
" -x --print-boot-path Print path to the $BOOT partition mount point\n"
" --print-loader-path\n"
" Print path to currently booted boot loader binary\n"
" --print-stub-path Print path to currently booted unified kernel binary\n"
" -R --print-root-device\n"
" Print path to the block device node backing the\n"
" root file system (returns e.g. /dev/nvme0n1p5)\n"
@ -307,8 +235,6 @@ static int parse_argv(int argc, char *argv[]) {
ARG_ARCH_ALL,
ARG_EFI_BOOT_OPTION_DESCRIPTION,
ARG_DRY_RUN,
ARG_PRINT_LOADER_PATH,
ARG_PRINT_STUB_PATH,
};
static const struct option options[] = {
@ -324,8 +250,6 @@ static int parse_argv(int argc, char *argv[]) {
{ "print-esp-path", no_argument, NULL, 'p' },
{ "print-path", no_argument, NULL, 'p' }, /* Compatibility alias */
{ "print-boot-path", no_argument, NULL, 'x' },
{ "print-loader-path", no_argument, NULL, ARG_PRINT_LOADER_PATH },
{ "print-stub-path", no_argument, NULL, ARG_PRINT_STUB_PATH },
{ "print-root-device", no_argument, NULL, 'R' },
{ "no-variables", no_argument, NULL, ARG_NO_VARIABLES },
{ "random-seed", required_argument, NULL, ARG_RANDOM_SEED },
@ -408,14 +332,6 @@ static int parse_argv(int argc, char *argv[]) {
arg_print_dollar_boot_path = true;
break;
case ARG_PRINT_LOADER_PATH:
arg_print_loader_path = true;
break;
case ARG_PRINT_STUB_PATH:
arg_print_stub_path = true;
break;
case 'R':
arg_print_root_device++;
break;
@ -498,9 +414,9 @@ static int parse_argv(int argc, char *argv[]) {
assert_not_reached();
}
if (!!arg_print_esp_path + !!arg_print_dollar_boot_path + (arg_print_root_device > 0) + arg_print_loader_path + arg_print_stub_path > 1)
if (!!arg_print_esp_path + !!arg_print_dollar_boot_path + (arg_print_root_device > 0) > 1)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"--print-esp-path/-p, --print-boot-path/-x, --print-root-device=/-R, --print-loader-path, --print-stub-path cannot be combined.");
"--print-esp-path/-p, --print-boot-path/-x, --print-root-device=/-R cannot be combined.");
if ((arg_root || arg_image) && argv[optind] && !STR_IN_SET(argv[optind], "status", "list",
"install", "update", "remove", "is-installed", "random-seed", "unlink", "cleanup"))
@ -625,9 +541,6 @@ static int run(int argc, char *argv[]) {
return 0;
}
if (arg_print_loader_path || arg_print_stub_path)
return print_loader_or_stub_path();
/* Open up and mount the image */
if (arg_image) {
assert(!arg_root);
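Review bot: `--print-loader-path` and `--print-stub-path` are dropped from run(), the option table and the help text with no compatibility alias, while the same option table still carries `--print-path` as an alias for `-p`. Scripts that call either switch will fail at option parsing; either keep the switches or record the removal in NEWS and the man page.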

View File

@ -13,7 +13,6 @@
#include "initrd.h"
#include "linux.h"
#include "measure.h"
#include "memory-util-fundamental.h"
#include "part-discovery.h"
#include "pe.h"
#include "proto/block-io.h"
@ -2421,18 +2420,18 @@ static EFI_STATUS initrd_prepare(
EFI_FILE *root,
const BootEntry *entry,
char16_t **ret_options,
Pages *ret_initrd_pages,
void **ret_initrd,
size_t *ret_initrd_size) {
assert(root);
assert(entry);
assert(ret_options);
assert(ret_initrd_pages);
assert(ret_initrd);
assert(ret_initrd_size);
if (entry->type != LOADER_LINUX || !entry->initrd) {
*ret_options = NULL;
*ret_initrd_pages = (Pages) {};
*ret_initrd = NULL;
*ret_initrd_size = 0;
return EFI_SUCCESS;
}
@ -2446,6 +2445,7 @@ static EFI_STATUS initrd_prepare(
EFI_STATUS err;
size_t size = 0;
_cleanup_free_ uint8_t *initrd = NULL;
STRV_FOREACH(i, entry->initrd) {
_cleanup_free_ char16_t *o = options;
@ -2464,58 +2464,30 @@ static EFI_STATUS initrd_prepare(
if (err != EFI_SUCCESS)
return err;
if (!ADD_SAFE(&size, size, ALIGN4(info->FileSize)))
return EFI_OUT_OF_RESOURCES;
}
_cleanup_pages_ Pages pages = xmalloc_pages(
AllocateMaxAddress,
EfiLoaderData,
EFI_SIZE_TO_PAGES(size),
UINT32_MAX /* Below 4G boundary. */);
uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr);
STRV_FOREACH(i, entry->initrd) {
_cleanup_(file_closep) EFI_FILE *handle = NULL;
err = root->Open(root, &handle, *i, EFI_FILE_MODE_READ, 0);
if (err != EFI_SUCCESS)
return err;
_cleanup_free_ EFI_FILE_INFO *info = NULL;
err = get_file_info(handle, &info, NULL);
if (err != EFI_SUCCESS)
return err;
if (info->FileSize == 0) /* Automatically skip over empty files */
continue;
size_t read_size = info->FileSize;
err = chunked_read(handle, &read_size, p);
size_t new_size, read_size = info->FileSize;
if (!ADD_SAFE(&new_size, size, read_size))
return EFI_OUT_OF_RESOURCES;
initrd = xrealloc(initrd, size, new_size);
err = chunked_read(handle, &read_size, initrd + size);
if (err != EFI_SUCCESS)
return err;
/* Make sure the actual read size is what we expected. */
assert(read_size == info->FileSize);
p += read_size;
size_t pad;
pad = ALIGN4(read_size) - read_size;
if (pad == 0)
continue;
memzero(p, pad);
p += pad;
assert(size + read_size == new_size);
size = new_size;
}
assert(PHYSICAL_ADDRESS_TO_POINTER(pages.addr + size) == p);
if (entry->options) {
_cleanup_free_ char16_t *o = options;
options = xasprintf("%ls %ls", o, entry->options);
}
*ret_options = TAKE_PTR(options);
*ret_initrd_pages = TAKE_STRUCT(pages);
*ret_initrd = TAKE_PTR(initrd);
*ret_initrd_size = size;
return EFI_SUCCESS;
}
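Review bot: the buffer grown with xrealloc() in initrd_prepare() has neither of the two properties the page allocation stated explicitly: the `UINT32_MAX /* Below 4G boundary. */` placement limit and the ALIGN4 zero padding between concatenated initrd files. If initrd_register() or the kernel hand-off depends on either, multi-initrd entries break without any error here, so add a comment saying why neither is required or keep the padding. The explicit skip for zero-length files is also gone; confirm chunked_read() handles a zero read_size.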
@ -2545,9 +2517,9 @@ static EFI_STATUS image_start(
return log_error_status(err, "Error making file device path: %m");
size_t initrd_size = 0;
_cleanup_pages_ Pages initrd_pages = {};
_cleanup_free_ void *initrd = NULL;
_cleanup_free_ char16_t *options_initrd = NULL;
err = initrd_prepare(image_root, entry, &options_initrd, &initrd_pages, &initrd_size);
err = initrd_prepare(image_root, entry, &options_initrd, &initrd, &initrd_size);
if (err != EFI_SUCCESS)
return log_error_status(err, "Error preparing initrd: %m");
@ -2565,7 +2537,7 @@ static EFI_STATUS image_start(
}
_cleanup_(cleanup_initrd) EFI_HANDLE initrd_handle = NULL;
err = initrd_register(PHYSICAL_ADDRESS_TO_POINTER(initrd_pages.addr), initrd_size, &initrd_handle);
err = initrd_register(initrd, initrd_size, &initrd_handle);
if (err != EFI_SUCCESS)
return log_error_status(err, "Error registering initrd: %m");

View File

@ -450,7 +450,7 @@ static size_t pe_section_table_find_profile_length(
assert(start >= section_table);
assert(start < section_table + n_section_table);
/* Look for the next .profile (or the end of the table), this is where the sections for this
/* Look for the next .profile (or the end of the table), this is where the the sections for this
* profile end. The base profile does not start with a .profile, the others do, hence conditionally
* skip over the first entry. */
const PeSectionHeader *e;
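Review bot: the comment in pe_section_table_find_profile_length() now reads "this is where the the sections", with "the" doubled, and the comment in pe_locate_profile_sections() in the next hunk has the same slip. Drop the extra word in both.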
@ -485,7 +485,7 @@ EFI_STATUS pe_locate_profile_sections(
if (!p)
return EFI_NOT_FOUND;
/* Look for the next .profile (or the end of the table), this is where the sections for this
/* Look for the next .profile (or the end of the table), this is where the the sections for this
* profile end. */
size_t n = pe_section_table_find_profile_length(section_table, n_section_table, p, profile);

View File

@ -134,8 +134,9 @@ static EFI_STATUS combine_initrds(
assert(PHYSICAL_ADDRESS_TO_POINTER(pages.addr + n) == p);
*ret_initrd_pages = TAKE_STRUCT(pages);
*ret_initrd_pages = pages;
*ret_initrd_size = n;
pages.n_pages = 0;
return EFI_SUCCESS;
}
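Review bot: `*ret_initrd_pages = pages;` followed by a separate `pages.n_pages = 0;` releases ownership by hand, and only does so if the cleanup handler for `pages` treats n_pages == 0 as nothing to free. `TAKE_STRUCT(pages)` transfers and clears in one expression and cannot be separated from the assignment by a later edit; prefer it here.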

View File

@ -2728,7 +2728,6 @@ int config_parse_environ(
COMMON_CREDS_SPECIFIERS(ltype),
{ 'h', specifier_user_home, NULL },
{ 's', specifier_user_shell, NULL },
{}
};
for (const char *p = rvalue;; ) {
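Review bot: the specifier table in config_parse_environ() loses its terminating `{}` entry. If the code that consumes the table walks it until it reaches an empty entry, it will read past the end of the array; keep the `{}` unless the table length is passed explicitly.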

View File

@ -528,15 +528,11 @@ static int append_extensions(
&result);
if (r < 0)
return r;
if (!result.path) {
if (m->ignore_enoent)
continue;
if (!result.path)
return log_debug_errno(
SYNTHETIC_ERRNO(ENOENT),
"No matching entry in .v/ directory %s found.",
m->source);
}
r = verity_settings_load(&verity, result.path, /* root_hash_path= */ NULL, /* root_hash_sig_path= */ NULL);
if (r < 0)
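Review bot: with the `if (m->ignore_enoent) continue;` branch gone, an extension image whose .v/ directory has no matching entry makes append_extensions() return ENOENT even when the image was marked as ignorable. Keep the skip, or document that the ignore flag no longer covers the no-match case.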
@ -579,6 +575,10 @@ static int append_extensions(
const char *e = *extension_directory;
bool ignore_enoent = false;
/* Pick up the counter where the ExtensionImages left it. */
if (asprintf(&mount_point, "%s/unit-extensions/%zu", private_namespace_dir, n_mount_images++) < 0)
return -ENOMEM;
/* Look for any prefixes */
if (startswith(e, "-")) {
e++;
@ -596,19 +596,11 @@ static int append_extensions(
&result);
if (r < 0)
return r;
if (!result.path) {
if (ignore_enoent)
continue;
if (!result.path)
return log_debug_errno(
SYNTHETIC_ERRNO(ENOENT),
"No matching entry in .v/ directory %s found.",
e);
}
/* Pick up the counter where the ExtensionImages left it. */
if (asprintf(&mount_point, "%s/unit-extensions/%zu", private_namespace_dir, n_mount_images++) < 0)
return -ENOMEM;
for (size_t j = 0; hierarchies && hierarchies[j]; ++j) {
char *prefixed_hierarchy = path_join(mount_point, hierarchies[j]);

View File

@ -4169,7 +4169,7 @@ static void service_sigchld_event(Unit *u, pid_t pid, int code, int status) {
* detect when the cgroup becomes empty. Note that the control process is always
* our child so it's pointless to watch all other processes. */
if (!control_pid_good(s))
if (!s->main_pid_known || s->main_pid_alien || unit_cgroup_delegate(u))
if (!s->main_pid_known || s->main_pid_alien)
(void) unit_enqueue_rewatch_pids(u);
}

View File

@ -1046,6 +1046,7 @@ static int process_socket(int fd) {
_cleanup_close_ int input_fd = -EBADF, mount_tree_fd = -EBADF;
Context context = {};
struct iovec_wrapper iovw = {};
struct iovec iovec;
bool first = true;
int r;
@ -1062,7 +1063,8 @@ static int process_socket(int fd) {
.msg_controllen = sizeof(control),
.msg_iovlen = 1,
};
ssize_t n, l;
ssize_t n;
ssize_t l;
l = next_datagram_size_fd(fd);
if (l < 0) {
@ -1070,10 +1072,8 @@ static int process_socket(int fd) {
goto finish;
}
_cleanup_(iovec_done) struct iovec iovec = {
.iov_len = l,
.iov_base = malloc(l + 1),
};
iovec.iov_len = l;
iovec.iov_base = malloc(l + 1);
if (!iovec.iov_base) {
r = log_oom();
goto finish;
@ -1083,6 +1083,7 @@ static int process_socket(int fd) {
n = recvmsg_safe(fd, &mh, MSG_CMSG_CLOEXEC);
if (n < 0) {
free(iovec.iov_base);
r = log_error_errno(n, "Failed to receive datagram: %m");
goto finish;
}
@ -1092,6 +1093,8 @@ static int process_socket(int fd) {
if (n == 0) {
struct cmsghdr *found;
free(iovec.iov_base);
found = cmsg_find(&mh, SOL_SOCKET, SCM_RIGHTS, CMSG_LEN(sizeof(int) * 2));
if (found) {
int fds[2] = EBADF_PAIR;
@ -1131,8 +1134,6 @@ static int process_socket(int fd) {
r = iovw_put(&iovw, iovec.iov_base, iovec.iov_len);
if (r < 0)
goto finish;
TAKE_STRUCT(iovec);
}
/* Make sure we got all data we really need */
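Review bot: once `_cleanup_(iovec_done)` is dropped, the buffer from `malloc(l + 1)` has to be freed by hand on every exit from the loop body, and the `iovw_put()` failure path in this hunk still does `goto finish` without freeing `iovec.iov_base`. Add the free() there, or keep the cleanup attribute with `TAKE_STRUCT(iovec)` after a successful iovw_put(), which also covers exit paths added later.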

View File

@ -69,11 +69,11 @@ STATIC_DESTRUCTOR_REGISTER(arg_tpm2_public_key, freep);
STATIC_DESTRUCTOR_REGISTER(arg_tpm2_signature, freep);
static const char* transcode_mode_table[_TRANSCODE_MAX] = {
[TRANSCODE_OFF] = "off",
[TRANSCODE_BASE64] = "base64",
[TRANSCODE_OFF] = "off",
[TRANSCODE_BASE64] = "base64",
[TRANSCODE_UNBASE64] = "unbase64",
[TRANSCODE_HEX] = "hex",
[TRANSCODE_UNHEX] = "unhex",
[TRANSCODE_HEX] = "hex",
[TRANSCODE_UNHEX] = "unhex",
};
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(transcode_mode, TranscodeMode);
@ -690,10 +690,35 @@ static int verb_setup(int argc, char **argv, void *userdata) {
}
static int verb_has_tpm2(int argc, char **argv, void *userdata) {
if (!arg_quiet)
log_notice("The 'systemd-creds %1$s' command has been replaced by 'systemd-analyze %1$s'. Redirecting invocation.", argv[optind]);
Tpm2Support s;
return verb_has_tpm2_generic(arg_quiet);
s = tpm2_support();
if (!arg_quiet) {
if (s == TPM2_SUPPORT_FULL)
puts("yes");
else if (s == TPM2_SUPPORT_NONE)
puts("no");
else
puts("partial");
printf("%sfirmware\n"
"%sdriver\n"
"%ssystem\n"
"%ssubsystem\n"
"%slibraries\n",
plus_minus(s & TPM2_SUPPORT_FIRMWARE),
plus_minus(s & TPM2_SUPPORT_DRIVER),
plus_minus(s & TPM2_SUPPORT_SYSTEM),
plus_minus(s & TPM2_SUPPORT_SUBSYSTEM),
plus_minus(s & TPM2_SUPPORT_LIBRARIES));
}
/* Return inverted bit flags. So that TPM2_SUPPORT_FULL becomes EXIT_SUCCESS and the other values
* become some reasonable values 17. i.e. the flags we return here tell what is missing rather than
* what is there, acknowledging the fact that for process exit statuses it is customary to return
* zero (EXIT_FAILURE) when all is good, instead of all being bad. */
return ~s & TPM2_SUPPORT_FULL;
}
static int verb_help(int argc, char **argv, void *userdata) {
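Review bot: the comment above the return in verb_has_tpm2() says it is customary "to return zero (EXIT_FAILURE) when all is good"; zero is EXIT_SUCCESS, as the first sentence of the same comment says, and "reasonable values 17" looks like a damaged range. Fix the comment, since the inverted-flags status from `~s & TPM2_SUPPORT_FULL` is the part of this verb that scripts depend on.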
@ -707,16 +732,17 @@ static int verb_help(int argc, char **argv, void *userdata) {
printf("%1$s [OPTIONS...] COMMAND ...\n"
"\n%5$sDisplay and Process Credentials.%6$s\n"
"\n%3$sCommands:%4$s\n"
" list Show list of passed credentials\n"
" cat CREDENTIAL... Show contents of specified credentials\n"
" list Show installed and available versions\n"
" cat CREDENTIAL... Show specified credentials\n"
" setup Generate credentials host key, if not existing yet\n"
" encrypt INPUT OUTPUT Encrypt plaintext credential file and write to\n"
" ciphertext credential file\n"
" decrypt INPUT [OUTPUT] Decrypt ciphertext credential file and write to\n"
" plaintext credential file\n"
"\n%3$sOptions:%4$s\n"
" has-tpm2 Report whether TPM2 support is available\n"
" -h --help Show this help\n"
" --version Show package version\n"
"\n%3$sOptions:%4$s\n"
" --no-pager Do not pipe output into a pager\n"
" --no-legend Do not show the headers and footers\n"
" --json=pretty|short|off\n"
@ -748,6 +774,7 @@ static int verb_help(int argc, char **argv, void *userdata) {
" --user Select user-scoped credential encryption\n"
" --uid=UID Select user for scoped credentials\n"
" --allow-null Allow decrypting credentials with empty key\n"
" -q --quiet Suppress output for 'has-tpm2' verb\n"
"\nSee the %2$s for details.\n",
program_invocation_short_name,
link,
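Review bot: in the verb_help() string, the `list` entry now reads "Show installed and available versions", which does not describe a tool whose title line is "Display and Process Credentials", and the `Options:` heading now comes after `-h --help` and `--version`, leaving both under Commands next to `has-tpm2`. Restore a credentials-specific description for `list` and move the heading above `-h --help`, so the `-q --quiet` line added in this hunk sits in the same section as the other switches.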
@ -1046,7 +1073,7 @@ static int creds_main(int argc, char *argv[]) {
{ "decrypt", 2, 3, 0, verb_decrypt },
{ "setup", VERB_ANY, 1, 0, verb_setup },
{ "help", VERB_ANY, 1, 0, verb_help },
{ "has-tpm2", VERB_ANY, 1, 0, verb_has_tpm2 }, /* for backward compatibility */
{ "has-tpm2", VERB_ANY, 1, 0, verb_has_tpm2 },
{}
};

View File

@ -425,8 +425,7 @@ int enroll_tpm2(struct crypt_device *cd,
r = tpm2_pcr_values_to_mask(hash_pcr_values, n_hash_pcr_values, hash_pcr_bank, &hash_pcr_mask);
if (r < 0)
return log_error_errno(r, "Could not get hash mask: %m");
} else if (pubkey_pcr_mask != 0 && !device_key) {
} else if (pubkey_pcr_mask != 0) {
/* If no literal PCR value policy is used, then let's determine the mask to use automatically
* from the measurements of the TPM. */
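Review bot: dropping `&& !device_key` from the `else if` means the automatic branch, which per its comment determines the mask "from the measurements of the TPM", also runs when a device key was supplied. If a device key implies that the target TPM is not the local one, those measurements come from the wrong machine; keep the guard or explain in the comment why local PCR state is valid in that case.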

View File

@ -93,6 +93,20 @@ STATIC_DESTRUCTOR_REGISTER(arg_root_shell, freep);
STATIC_DESTRUCTOR_REGISTER(arg_kernel_cmdline, freep);
STATIC_DESTRUCTOR_REGISTER(arg_image_policy, image_policy_freep);
static bool press_any_key(void) {
char k = 0;
bool need_nl = true;
puts("-- Press any key to proceed --");
(void) read_one_char(stdin, &k, USEC_INFINITY, &need_nl);
if (need_nl)
putchar('\n');
return k != 'q';
}
static void print_welcome(int rfd) {
_cleanup_free_ char *pretty_name = NULL, *os_name = NULL, *ansi_color = NULL;
static bool done = false;
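Review bot: press_any_key() is a second copy of the any_key_to_proceed() helper that this comparison removes from the terminal utilities, without the comment that explained the extra newline (status messages interleaving with program output during boot). Keep the shared helper, or carry the comment over so the `need_nl` handling is not dropped in a later cleanup.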
@ -127,7 +141,7 @@ static void print_welcome(int rfd) {
printf("\nPlease configure your system!\n\n");
any_key_to_proceed();
press_any_key();
done = true;
}
@ -170,7 +184,7 @@ static int show_menu(char **x, unsigned n_columns, unsigned width, unsigned perc
/* on the first screen we reserve 2 extra lines for the title */
if (i % break_lines == break_modulo) {
if (!any_key_to_proceed())
if (!press_any_key())
return 0;
}
}

View File

@ -31,25 +31,3 @@ static inline bool unified_section_measure(UnifiedSection section) {
/* Max number of profiles per UKI */
#define UNIFIED_PROFILES_MAX 256U
/* The native PE machine type, if known, for a full list see:
* https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#machine-types */
#ifndef _IMAGE_FILE_MACHINE_NATIVE
# if defined(__x86_64__)
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0x8664)
# elif defined(__i386__)
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0x014c)
# elif defined(__ia64__)
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0x0200)
# elif defined(__aarch64__)
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0xaa64)
# elif defined(__arm__)
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0x01c0)
# elif defined(__riscv)
# if __SIZEOF_POINTER__ == 4
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0x5032)
# elif __SIZEOF_POINTER__ == 8
# define _IMAGE_FILE_MACHINE_NATIVE UINT16_C(0x5064)
# endif
# endif
#endif

View File

@ -2434,8 +2434,6 @@ static int create_interactively(void) {
return 0;
}
any_key_to_proceed();
r = acquire_bus(&bus);
if (r < 0)
return r;

View File

@ -222,16 +222,20 @@ int manager_new(Manager **ret) {
if (r < 0)
return r;
r = sd_event_set_signal_exit(m->event, true);
r = sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
if (r < 0)
return r;
r = sd_event_add_memory_pressure(m->event, /* ret_event_source= */ NULL, /* callback= */ NULL, /* userdata= */ NULL);
r = sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
if (r < 0)
return r;
r = sd_event_add_memory_pressure(m->event, NULL, NULL, NULL);
if (r < 0)
log_full_errno(ERRNO_IS_NOT_SUPPORTED(r) || ERRNO_IS_PRIVILEGE(r) || (r == -EHOSTDOWN) ? LOG_DEBUG : LOG_WARNING, r,
"Failed to allocate memory pressure watch, ignoring: %m");
r = sd_event_add_signal(m->event, /* ret_event_source= */ NULL, (SIGRTMIN+18)|SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, /* userdata = */ NULL);
r = sd_event_add_signal(m->event, NULL, SIGRTMIN+18, sigrtmin18_handler, NULL);
if (r < 0)
return r;
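Review bot: the sd_event_add_signal() calls for SIGINT, SIGTERM and SIGRTMIN+18 carry no SD_EVENT_SIGNAL_PROCMASK, so manager_new() only succeeds if the caller has already blocked all three; sd_event_add_signal() returns -EBUSY for a signal that is not blocked. That precondition now lives in the sigprocmask_many() call in run(), in another file. Add a comment here naming it, or keep the flag so the function stays self-contained.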

View File

@ -29,7 +29,7 @@ static int run(int argc, char *argv[]) {
umask(0022);
assert_se(sigprocmask_many(SIG_BLOCK, /* ret_old_mask= */ NULL, SIGCHLD) >= 0);
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD, SIGTERM, SIGINT, SIGRTMIN+18) >= 0);
r = manager_new(&m);
if (r < 0)

View File

@ -1787,15 +1787,17 @@ static int server_setup_signals(Server *s) {
assert(s);
r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1|SD_EVENT_SIGNAL_PROCMASK, dispatch_sigusr1, s);
assert_se(sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, SIGUSR1, SIGUSR2, SIGRTMIN+1, SIGRTMIN+18) >= 0);
r = sd_event_add_signal(s->event, &s->sigusr1_event_source, SIGUSR1, dispatch_sigusr1, s);
if (r < 0)
return r;
r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2|SD_EVENT_SIGNAL_PROCMASK, dispatch_sigusr2, s);
r = sd_event_add_signal(s->event, &s->sigusr2_event_source, SIGUSR2, dispatch_sigusr2, s);
if (r < 0)
return r;
r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM|SD_EVENT_SIGNAL_PROCMASK, dispatch_sigterm, s);
r = sd_event_add_signal(s->event, &s->sigterm_event_source, SIGTERM, dispatch_sigterm, s);
if (r < 0)
return r;
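Review bot: `sigprocmask_many(SIG_SETMASK, NULL, SIGINT, SIGTERM, ...)` at the top of server_setup_signals() replaces the whole signal mask instead of adding to it, so any signal that was blocked before this call is unblocked as a side effect. Use SIG_BLOCK unless resetting the mask is intended, and say so in a comment if it is.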
@ -1806,7 +1808,7 @@ static int server_setup_signals(Server *s) {
/* When journald is invoked on the terminal (when debugging), it's useful if C-c is handled
* equivalent to SIGTERM. */
r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT|SD_EVENT_SIGNAL_PROCMASK, dispatch_sigterm, s);
r = sd_event_add_signal(s->event, &s->sigint_event_source, SIGINT, dispatch_sigterm, s);
if (r < 0)
return r;
@ -1817,7 +1819,7 @@ static int server_setup_signals(Server *s) {
/* SIGRTMIN+1 causes an immediate sync. We process this very late, so that everything else queued at
* this point is really written to disk. Clients can watch /run/systemd/journal/synced with inotify
* until its mtime changes to see when a sync happened. */
r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, (SIGRTMIN+1)|SD_EVENT_SIGNAL_PROCMASK, dispatch_sigrtmin1, s);
r = sd_event_add_signal(s->event, &s->sigrtmin1_event_source, SIGRTMIN+1, dispatch_sigrtmin1, s);
if (r < 0)
return r;
@ -1825,7 +1827,7 @@ static int server_setup_signals(Server *s) {
if (r < 0)
return r;
r = sd_event_add_signal(s->event, /* ret_event_source= */ NULL, (SIGRTMIN+18)|SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, &s->sigrtmin18_info);
r = sd_event_add_signal(s->event, NULL, SIGRTMIN+18, sigrtmin18_handler, &s->sigrtmin18_info);
if (r < 0)
return r;

View File

@ -404,16 +404,15 @@ static int context_set_path_strv(Context *c, char* const* strv, const char *sour
static int context_set_plugins(Context *c, const char *s, const char *source) {
_cleanup_strv_free_ char **v = NULL;
int r;
assert(c);
if (c->plugins || !s)
return 0;
r = strv_split_full(&v, s, NULL, EXTRACT_UNQUOTE);
if (r < 0)
return log_error_errno(r, "Failed to parse plugin paths from %s: %m", source);
v = strv_split(s, NULL);
if (!v)
return log_oom();
return context_set_path_strv(c, v, source, "plugins", &c->plugins);
}
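
Review bot: strv_split(s, NULL) in context_set_plugins() splits on whitespace without the EXTRACT_UNQUOTE handling of the strv_split_full() call it replaces, so a plugin path containing a space can no longer be passed quoted and is cut into several entries. The failure path also changes from log_error_errno() naming source to a bare log_oom(), which drops the information about where the bad value came from. Suggest keeping strv_split_full(&v, s, NULL, EXTRACT_UNQUOTE) together with the "Failed to parse plugin paths from %s" message.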

View File

@ -46,13 +46,7 @@ echo 'DTBDTBDTBDTB' >"$D/sources/subdir/whatever.dtb"
export KERNEL_INSTALL_CONF_ROOT="$D/sources"
# We "install" multiple plugins, but control which ones will be active via install.conf.
KERNEL_INSTALL_PLUGINS="'${loaderentry_install}' '${uki_copy_install}'"
if [[ -n "$ukify_install" ]]; then
# shellcheck disable=SC2089
KERNEL_INSTALL_PLUGINS="'${ukify_install}' $KERNEL_INSTALL_PLUGINS"
fi
# shellcheck disable=SC2090
export KERNEL_INSTALL_PLUGINS
export KERNEL_INSTALL_PLUGINS="${ukify_install} ${loaderentry_install} ${uki_copy_install}"
export BOOT_ROOT="$D/boot"
export BOOT_MNT="$D/boot"
export MACHINE_ID='3e0484f3634a418b8e6a39e8828b03e3'
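
Review bot: the single export line builds KERNEL_INSTALL_PLUGINS from three unquoted, space-joined variables, so the list is split incorrectly if any of the plugin paths contains whitespace, and an empty ukify_install now leaves a leading separator instead of being skipped as in the [[ -n "$ukify_install" ]] branch. Suggest keeping the per-path single quotes and the conditional, which is also what the quoted parsing in kernel-install expects.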

View File

@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "env-util.h"
#include "format-ifname.h"
#include "format-util.h"
#include "network-common.h"
#include "socket-util.h"
#include "unaligned.h"

View File

@ -1229,7 +1229,7 @@ static int generic_method_get_interface_description(
sd_varlink_method_flags_t flags,
void *userdata) {
static const sd_json_dispatch_field dispatch_table[] = {
static const struct sd_json_dispatch_field dispatch_table[] = {
{ "interface", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, 0, SD_JSON_MANDATORY },
{}
};
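
Review bot: the table declaration spells the type as struct sd_json_dispatch_field, while the dispatch tables in vl_method_kill() elsewhere in this diff use the sd_json_dispatch_field typedef. Suggest using the typedef here as well so the tables read the same way throughout.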

View File

@ -86,11 +86,15 @@ static int manager_new(Manager **ret) {
if (r < 0)
return r;
r = sd_event_set_signal_exit(m->event, true);
r = sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
if (r < 0)
return r;
r = sd_event_add_signal(m->event, /* ret_event_source= */ NULL, (SIGRTMIN+18)|SD_EVENT_SIGNAL_PROCMASK, sigrtmin18_handler, /* userdata= */ NULL);
r = sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
if (r < 0)
return r;
r = sd_event_add_signal(m->event, NULL, SIGRTMIN+18, sigrtmin18_handler, NULL);
if (r < 0)
return r;
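
Review bot: the SIGINT and SIGTERM registrations in manager_new() pass a NULL handler with no comment, so the reader has to know that sd_event_add_signal() falls back to a default handler that exits the event loop. sd_event_set_signal_exit(m->event, true) states that intent directly in one checked call; suggest keeping it, or at least adding a comment on the NULL callbacks. The /* ret_event_source= */ and /* userdata= */ argument comments on the SIGRTMIN+18 line are also dropped, which makes the bare NULLs harder to read.
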
@ -822,7 +826,7 @@ static int manager_connect_console(Manager *m) {
return log_error_errno(r, "Failed to watch foreground console: %m");
/*
* SIGRTMIN + 0 is used as global VT-release signal, SIGRTMIN + 1 is used
* SIGRTMIN is used as global VT-release signal, SIGRTMIN + 1 is used
* as VT-acquire signal. We ignore any acquire-events (yes, we still
* have to provide a valid signal-number for it!) and acknowledge all
* release events immediately.
@ -834,10 +838,11 @@ static int manager_connect_console(Manager *m) {
SIGRTMIN, SIGRTMAX);
assert_se(ignore_signals(SIGRTMIN + 1) >= 0);
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN) >= 0);
r = sd_event_add_signal(m->event, /* ret_event_source= */ NULL, (SIGRTMIN + 0) | SD_EVENT_SIGNAL_PROCMASK, manager_vt_switch, m);
r = sd_event_add_signal(m->event, NULL, SIGRTMIN, manager_vt_switch, m);
if (r < 0)
return log_error_errno(r, "Failed to subscribe to SIGRTMIN+0 signal: %m");
return log_error_errno(r, "Failed to subscribe to signal: %m");
return 0;
}
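
Review bot: the error message in manager_connect_console() changes from "Failed to subscribe to SIGRTMIN+0 signal" to "Failed to subscribe to signal", which no longer says which signal failed. Suggest keeping the signal name in the message. The separate sigprocmask_many(SIG_BLOCK, NULL, SIGRTMIN) line is also only needed because SD_EVENT_SIGNAL_PROCMASK was removed from the registration that follows it.
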
@ -1092,7 +1097,7 @@ static int manager_startup(Manager *m) {
assert(m);
r = sd_event_add_signal(m->event, /* ret_event_source= */ NULL, SIGHUP|SD_EVENT_SIGNAL_PROCMASK, manager_dispatch_reload_signal, m);
r = sd_event_add_signal(m->event, NULL, SIGHUP, manager_dispatch_reload_signal, m);
if (r < 0)
return log_error_errno(r, "Failed to register SIGHUP handler: %m");
@ -1242,7 +1247,7 @@ static int run(int argc, char *argv[]) {
(void) mkdir_label("/run/systemd/users", 0755);
(void) mkdir_label("/run/systemd/sessions", 0755);
assert_se(sigprocmask_many(SIG_BLOCK, /* ret_old_mask= */ NULL, SIGCHLD) >= 0);
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGHUP, SIGTERM, SIGINT, SIGCHLD, SIGRTMIN+18) >= 0);
r = manager_new(&m);
if (r < 0)
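
Review bot: the sigprocmask_many() list in run() now has to name every signal that manager_new() and manager_startup() register (SIGINT, SIGTERM, SIGRTMIN+18, SIGHUP), and nothing ties the two together. sd_event_add_signal() fails if the signal is not blocked, so a signal added later in one place and forgotten in the other turns into a startup failure. Suggest keeping SD_EVENT_SIGNAL_PROCMASK at each registration and blocking only SIGCHLD here, with the /* ret_old_mask= */ comment retained.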

View File

@ -191,8 +191,6 @@ int vl_method_register(sd_varlink *link, sd_json_variant *parameters, sd_varlink
}
int lookup_machine_by_name(sd_varlink *link, Manager *manager, const char *machine_name, Machine **ret_machine) {
assert(link);
assert(manager);
assert(ret_machine);
if (!machine_name)
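
Review bot: assert(link) and assert(manager) are removed from lookup_machine_by_name() while assert(ret_machine) stays, although the function still takes all three as required arguments. Suggest keeping the two asserts so a NULL link or manager is caught at the entry point rather than at the first dereference.
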
@ -211,7 +209,8 @@ int lookup_machine_by_name(sd_varlink *link, Manager *manager, const char *machi
int vl_method_unregister_internal(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
Machine *machine = ASSERT_PTR(userdata);
Manager *manager = ASSERT_PTR(machine->manager);
Manager *manager = machine->manager;
assert(manager);
int r;
r = varlink_verify_polkit_async(
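
Review bot: in vl_method_unregister_internal() the assert(manager) statement now sits between the declarations of manager and r. Manager *manager = ASSERT_PTR(machine->manager); performs the same check and keeps the declarations together, matching the Machine *machine = ASSERT_PTR(userdata); line directly above. The same applies to vl_method_terminate_internal().
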
@ -221,6 +220,7 @@ int vl_method_unregister_internal(sd_varlink *link, sd_json_variant *parameters,
(const char**) STRV_MAKE("name", machine->name,
"verb", "unregister"),
&manager->polkit_registry);
if (r <= 0)
return r;
@ -233,7 +233,8 @@ int vl_method_unregister_internal(sd_varlink *link, sd_json_variant *parameters,
int vl_method_terminate_internal(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
Machine *machine = ASSERT_PTR(userdata);
Manager *manager = ASSERT_PTR(machine->manager);
Manager *manager = machine->manager;
assert(manager);
int r;
r = varlink_verify_polkit_async(
@ -243,6 +244,7 @@ int vl_method_terminate_internal(sd_varlink *link, sd_json_variant *parameters,
(const char**) STRV_MAKE("name", machine->name,
"verb", "terminate"),
&manager->polkit_registry);
if (r <= 0)
return r;
@ -253,51 +255,45 @@ int vl_method_terminate_internal(sd_varlink *link, sd_json_variant *parameters,
return sd_varlink_reply(link, NULL);
}
typedef struct KillQueryParams {
const char *machine_name;
const char *swho;
int32_t signo;
} KillQueryParams;
int vl_method_kill(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
static const sd_json_dispatch_field dispatch_table[] = {
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(KillQueryParams, machine_name), SD_JSON_MANDATORY },
{ "who", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(KillQueryParams, swho), 0 },
{ "signal", SD_JSON_VARIANT_INTEGER, sd_json_dispatch_int32, offsetof(KillQueryParams, signo), SD_JSON_MANDATORY },
Manager *manager = ASSERT_PTR(userdata);
const char *machine_name = NULL;
const char *swho = NULL;
KillWhom whom;
int32_t signo;
const sd_json_dispatch_field dispatch_table[] = {
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, PTR_TO_SIZE(&machine_name), SD_JSON_MANDATORY },
{ "who", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, PTR_TO_SIZE(&swho), 0 },
{ "signal", SD_JSON_VARIANT_INTEGER, sd_json_dispatch_int32, PTR_TO_SIZE(&signo), SD_JSON_MANDATORY },
VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
Manager *manager = ASSERT_PTR(userdata);
KillQueryParams p = {
.machine_name = NULL,
.swho = NULL
};
KillWhom whom;
int r;
assert(parameters);
r = sd_varlink_dispatch(link, parameters, dispatch_table, &p);
r = sd_varlink_dispatch(link, parameters, dispatch_table, 0);
if (r != 0)
return r;
Machine *machine = NULL;
r = lookup_machine_by_name(link, manager, p.machine_name, &machine);
r = lookup_machine_by_name(link, manager, machine_name, &machine);
if (r != 0)
return r;
assert(machine);
if (isempty(p.swho))
if (isempty(swho)) {
whom = KILL_ALL;
else {
whom = kill_whom_from_string(p.swho);
} else {
whom = kill_whom_from_string(swho);
if (whom < 0)
return sd_varlink_error_invalid_parameter_name(link, "who");
}
if (!SIGNAL_VALID(p.signo))
if (!SIGNAL_VALID(signo))
return sd_varlink_error_invalid_parameter_name(link, "signal");
r = varlink_verify_polkit_async(
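
Review bot: the dispatch table in vl_method_kill() is no longer static and stores the addresses of the locals machine_name, swho and signo through PTR_TO_SIZE() in the offset column, with 0 passed as the base pointer to sd_varlink_dispatch(). That only works as long as the dispatcher computes base plus offset on a NULL base, and it rebuilds the table on every call. The KillQueryParams struct with offsetof() entries, a static const table and &p as userdata is the clearer and safer form; suggest keeping it.
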
@ -307,10 +303,11 @@ int vl_method_kill(sd_varlink *link, sd_json_variant *parameters, sd_varlink_met
(const char**) STRV_MAKE("name", machine->name,
"verb", "kill"),
&manager->polkit_registry);
if (r <= 0)
return r;
r = machine_kill(machine, whom, p.signo);
r = machine_kill(machine, whom, signo);
if (r < 0)
return r;

View File

@ -2,11 +2,11 @@
#pragma once
#include "sd-varlink.h"
#include "machine.h"
int lookup_machine_by_name(sd_varlink *link, Manager *manager, const char *machine_name, Machine **ret_machine);
typedef int (*vl_method_handler_t) (sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) ;
int vl_method_register(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
int vl_method_unregister_internal(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);
int vl_method_terminate_internal(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata);

View File

@ -32,7 +32,6 @@
#include "edit-util.h"
#include "env-util.h"
#include "fd-util.h"
#include "format-ifname.h"
#include "format-table.h"
#include "hostname-util.h"
#include "import-util.h"
@ -1220,6 +1219,8 @@ static int process_forward(sd_event *event, PTYForward **forward, int master, PT
assert(master >= 0);
assert(name);
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGWINCH, SIGTERM, SIGINT) >= 0);
if (!arg_quiet) {
if (streq(name, ".host"))
log_info("Connected to the local host. Press ^] three times within 1s to exit session.");
@ -1227,9 +1228,8 @@ static int process_forward(sd_event *event, PTYForward **forward, int master, PT
log_info("Connected to machine %s. Press ^] three times within 1s to exit session.", name);
}
r = sd_event_set_signal_exit(event, true);
if (r < 0)
return log_error_errno(r, "Failed to enable SIGINT/SITERM handling: %m");
(void) sd_event_add_signal(event, NULL, SIGINT, NULL, NULL);
(void) sd_event_add_signal(event, NULL, SIGTERM, NULL, NULL);
r = pty_forward_new(event, master, flags, forward);
if (r < 0)
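
Review bot: both sd_event_add_signal() calls for SIGINT and SIGTERM in process_forward() are cast to (void), so a failed registration is silently ignored where the previous code returned log_error_errno(). Because the same function now blocks SIGINT and SIGTERM with sigprocmask_many() first, a failure here leaves both signals blocked and unhandled for the rest of the session. Suggest checking r and logging, or keeping sd_event_set_signal_exit(event, true).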

Some files were not shown because too many files have changed in this diff