-rw-r--r-- | .mkosi/mkosi.fedora | 1 | ||||
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | man/systemd.network.xml | 188 | ||||
-rw-r--r-- | man/systemd.service.xml | 20 | ||||
-rw-r--r-- | src/basic/architecture.h | 1 | ||||
-rw-r--r-- | src/basic/extract-word.c | 4 | ||||
-rw-r--r-- | src/core/load-fragment.c | 3 | ||||
-rw-r--r-- | src/core/scope.c | 7 | ||||
-rw-r--r-- | src/core/unit.c | 11 | ||||
-rw-r--r-- | src/dissect/dissect.c | 14 | ||||
-rw-r--r-- | src/journal/compress.c | 4 | ||||
-rw-r--r-- | src/network/netdev/tunnel.c | 70 | ||||
-rw-r--r-- | src/network/networkd-link.c | 5 | ||||
-rw-r--r-- | src/shared/dissect-image.c | 10 | ||||
-rw-r--r-- | src/shared/dissect-image.h | 5 | ||||
-rw-r--r-- | src/shared/firewall-util.c | 5 |
16 files changed, 229 insertions, 123 deletions
diff --git a/.mkosi/mkosi.fedora b/.mkosi/mkosi.fedora index 0af20c924a..478703c41a 100644 --- a/.mkosi/mkosi.fedora +++ b/.mkosi/mkosi.fedora @@ -63,6 +63,7 @@ BuildPackages= libxslt lz4-devel make + diffutils pam-devel pkgconfig python3-devel @@ -618,6 +618,10 @@ Features: - maybe make copying of /etc/resolv.conf optional, and skip it if --read-only is used +* dissect + - refuse mounting over a mount point + - automatically discover .roothash files in dissect, similarly to nspawn + * machined: - add an API so that libvirt-lxc can inform us about network interfaces being removed or added to an existing machine diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 0fa68b7623..c7083a4fe6 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml 
@@ -614,47 +614,57 @@ <varlistentry> <term><varname>Bridge=</varname></term> <listitem> - <para>The name of the bridge to add the link to.</para> + <para>The name of the bridge to add the link to. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> </listitem> </varlistentry> <varlistentry> <term><varname>Bond=</varname></term> <listitem> - <para>The name of the bond to add the link to.</para> + <para>The name of the bond to add the link to. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> </listitem> </varlistentry> <varlistentry> <term><varname>VRF=</varname></term> <listitem> - <para>The name of the VRF to add the link to.</para> + <para>The name of the VRF to add the link to. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + </para> </listitem> </varlistentry> <varlistentry> <term><varname>VLAN=</varname></term> <listitem> - <para>The name of a VLAN to create on the link. This - option may be specified more than once.</para> + <para>The name of a VLAN to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> <varlistentry> <term><varname>MACVLAN=</varname></term> <listitem> - <para>The name of a MACVLAN to create on the link. This - option may be specified more than once.</para> + <para>The name of a MACVLAN to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> <varlistentry> <term><varname>VXLAN=</varname></term> <listitem> - <para>The name of a VXLAN to create on the link. 
This - option may be specified more than once.</para> + <para>The name of a VXLAN to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> <varlistentry> <term><varname>Tunnel=</varname></term> <listitem> - <para>The name of a Tunnel to create on the link. This - option may be specified more than once.</para> + <para>The name of a Tunnel to create on the link. See + <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + This option may be specified more than once.</para> </listitem> </varlistentry> </variablelist> 
@@ -1293,53 +1303,75 @@ </refsect1> <refsect1> - <title>Example</title> + <title>Examples</title> <example> - <title>/etc/systemd/network/50-static.network</title> + <title>Static network configuration</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/50-static.network +[Match] Name=enp2s0 [Network] Address=192.168.0.15/24 Gateway=192.168.0.1</programlisting> + + <para>This brings interface <literal>enp2s0</literal> up with a static address. The + specified gateway will be used for a default route.</para> </example> <example> - <title>/etc/systemd/network/80-dhcp.network</title> + <title>DHCP on ethernet links</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/80-dhcp.network +[Match] Name=en* [Network] DHCP=yes</programlisting> + + <para>This will enable DHCPv4 and DHCPv6 on all interfaces with names starting with + <literal>en</literal> (i.e. ethernet interfaces).</para> </example> <example> - <title>/etc/systemd/network/25-bridge-static.network</title> + <title>A bridge with two enslaved links</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/25-bridge-static.network +[Match] Name=bridge0 [Network] Address=192.168.0.15/24 Gateway=192.168.0.1 DNS=192.168.0.1</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-bridge-slave-interface.network</title> - <programlisting>[Match] + <programlisting># /etc/systemd/network/25-bridge-slave-interface-1.network +[Match] Name=enp2s0 [Network] Bridge=bridge0</programlisting> + + <programlisting># /etc/systemd/network/25-bridge-slave-interface-2.network +[Match] +Name=wlp3s0 + +[Network] +Bridge=bridge0</programlisting> + + <para>This creates a bridge and attaches devices <literal>enp2s0</literal> and + <literal>wlp3s0</literal> to it. The bridge will have the specified static address + and network assigned, and a default route via the specified gateway will be + added. 
The specified DNS server will be added to the global list of DNS resolvers. + </para> </example> + <example> - <title>/etc/systemd/network/25-bridge-slave-interface-vlan.network</title> + <title></title> - <programlisting>[Match] + <programlisting> +# /etc/systemd/network/20-bridge-slave-interface-vlan.network +[Match] Name=enp2s0 [Network] 
@@ -1355,66 +1387,106 @@ VLAN=100-200 [BridgeVLAN] EgressUntagged=300-400</programlisting> - </example> - <example> - <title>/etc/systemd/network/25-ipip.network</title> - - <programlisting>[Match] -Name=em1 -[Network] -Tunnel=ipip-tun</programlisting> + <para>This overrides the configuration specified in the previous example for the + interface <literal>enp2s0</literal>, and enables VLAN on that bridge port. VLAN IDs + 1-32, 42, 100-400 will be allowed. Packets tagged with VLAN IDs 42, 300-400 will be + untagged when they leave on this interface. Untagged packets which arrive on this + interface will be assigned VLAN ID 42.</para> </example> <example> - <title>/etc/systemd/network/25-sit.network</title> + <title>Various tunnels</title> - <programlisting>[Match] -Name=em1 + <programlisting>/etc/systemd/network/25-tunnels.network +[Match] +Name=ens1 [Network] -Tunnel=sit-tun</programlisting> +Tunnel=ipip-tun +Tunnel=sit-tun +Tunnel=gre-tun +Tunnel=vti-tun + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-ipip.netdev +[NetDev] +Name=ipip-tun +Kind=ipip + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-sit.netdev +[NetDev] +Name=sit-tun +Kind=sit + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-gre.netdev +[NetDev] +Name=gre-tun +Kind=gre + </programlisting> + + <programlisting>/etc/systemd/network/25-tunnel-vti.netdev +[NetDev] +Name=vti-tun +Kind=vti + </programlisting> + + <para>This will bring interface <literal>ens1</literal> up and create an IPIP tunnel, + a SIT tunnel, a GRE tunnel, and a VTI tunnel using it.</para> </example> <example> - <title>/etc/systemd/network/25-gre.network</title> + <title>A bond device</title> - <programlisting>[Match] -Name=em1 + <programlisting># /etc/systemd/network/30-bond1.network +[Match] +Name=bond1 [Network] -Tunnel=gre-tun</programlisting> - </example> +DHCP=ipv6 +</programlisting> - <example> - <title>/etc/systemd/network/25-vti.network</title> + 
<programlisting># /etc/systemd/network/30-bond1.netdev +[NetDev] +Name=bond1 +Kind=bond +</programlisting> - <programlisting>[Match] -Name=em1 + <programlisting># /etc/systemd/network/30-bond1-dev1.nework +[Match] +MACAddress=52:54:00:e9:64:41 [Network] -Tunnel=vti-tun</programlisting> - </example> - - <example> - <title>/etc/systemd/network/25-bond.network</title> +Bond=bond1 +</programlisting> - <programlisting>[Match] -Name=bond1 + <programlisting># /etc/systemd/network/30-bond1-dev2.nework +[Match] +MACAddress=52:54:00:e9:64:42 [Network] -DHCP=yes +Bond=bond1 </programlisting> + + <para>This will create a bond device <literal>bond1</literal> and enslave the two + devices with MAC addresses 52:54:00:e9:64:41 and 52:54:00:e9:64:42 to it. IPv6 DHCP + will be used to acquire an address.</para> </example> <example> - <title>/etc/systemd/network/25-vrf.network</title> - <para>Add the bond1 interface to the VRF master interface vrf-test. This will redirect routes generated on this interface to be within the routing table defined during VRF creation. Traffic won't be redirected towards the VRFs routing table unless specific ip-rules are added.</para> - <programlisting>[Match] + <title>Virtual Routing and Forwarding (VRF)</title> + <para>Add the <literal>bond1</literal> interface to the VRF master interface + <literal>vrf1</literal>. This will redirect routes generated on this interface to be + within the routing table defined during VRF creation. Traffic won't be redirected + towards the VRFs routing table unless specific ip-rules are added.</para> + <programlisting># /etc/systemd/network/25-vrf.network +[Match] Name=bond1 [Network] -VRF=vrf-test +VRF=vrf1 </programlisting> </example> diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 67c68d2f8b..b244a7e970 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml 
@@ -918,18 +918,14 @@ must be passed as separate words). Lone semicolons may be escaped as <literal>\;</literal>.</para> - <para>Each command line is split on whitespace, with the first - item being the command to execute, and the subsequent items being - the arguments. Double quotes ("...") and single quotes ('...') may - be used, in which case everything until the next matching quote - becomes part of the same argument. C-style escapes are also - supported. The table below contains the list of allowed escape - patterns. Only patterns which match the syntax in the table are - allowed; others will result in an error, and must be escaped by - doubling the backslash. Quotes themselves are removed after - parsing and escape sequences substituted. In addition, a trailing - backslash (<literal>\</literal>) may be used to merge lines. - </para> + <para>Each command line is split on whitespace, with the first item being the command to + execute, and the subsequent items being the arguments. Double quotes ("...") and single quotes + ('...') may be used, in which case everything until the next matching quote becomes part of the + same argument. Quotes themselves are removed. C-style escapes are also supported. The table + below contains the list of known escape patterns. Only escape patterns which match the syntax in + the table are allowed; other patterns may be added in the future and unknown patterns will + result in a warning. In particular, any backslashes should be doubled. Finally, a trailing + backslash (<literal>\</literal>) may be used to merge lines.</para> <para>This syntax is intended to be very similar to shell syntax, but only the meta-characters and expansions described in the diff --git a/src/basic/architecture.h b/src/basic/architecture.h index 5a77c31932..b329df2f6d 100644 --- a/src/basic/architecture.h +++ b/src/basic/architecture.h 
@@ -150,6 +150,7 @@ int uname_architecture(void); # else # define native_architecture() ARCHITECTURE_ARM64 # define LIB_ARCH_TUPLE "aarch64-linux-gnu" +# define SECONDARY_ARCHITECTURE ARCHITECTURE_ARM # endif #elif defined(__arm__) # if __BYTE_ORDER == __BIG_ENDIAN diff --git a/src/basic/extract-word.c b/src/basic/extract-word.c index dbe64a9a58..f8cac3e911 100644 --- a/src/basic/extract-word.c +++ b/src/basic/extract-word.c @@ -227,8 +227,8 @@ int extract_first_word_and_warn( *p = save; r = extract_first_word(p, ret, separators, flags|EXTRACT_CUNESCAPE_RELAX); if (r >= 0) { - /* It worked this time, hence it must have been an invalid escape sequence we could correct. */ - log_syntax(unit, LOG_WARNING, filename, line, EINVAL, "Invalid escape sequences in line, correcting: \"%s\"", rvalue); + /* It worked this time, hence it must have been an invalid escape sequence. */ + log_syntax(unit, LOG_WARNING, filename, line, EINVAL, "Ignoring unknown escape sequences: \"%s\"", *ret); return r; } diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index 6b36b2fc3a..687cd1dd31 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -606,7 +606,6 @@ int config_parse_exec( _cleanup_strv_free_ char **n = NULL; size_t nlen = 0, nbufsize = 0; const char *f; - int i; semicolon = false; @@ -615,7 +614,7 @@ int config_parse_exec( return 0; f = firstword; - for (i = 0; i < 3; i++) { + for (;;) { /* We accept an absolute path as first argument. * If it's prefixed with - and the path doesn't exist, * we ignore it instead of erroring out; diff --git a/src/core/scope.c b/src/core/scope.c index d6e1f8e392..9540fb67d9 100644 --- a/src/core/scope.c +++ b/src/core/scope.c 
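Review bot: In src/basic/extract-word.c, the reworded warning in extract_first_word_and_warn() passes `*ret` to `%s` under `if (r >= 0)`, so it also runs when the retry returns 0. If `*ret` can be NULL in that case (not visible in this hunk), the format call is undefined behaviour; printing `strnull(*ret)` avoids relying on that. The message now shows only the extracted word instead of the whole `rvalue`, so a one-line comment saying why the parsed word is logged rather than the raw line would help. The function starts and ends outside the hunk.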
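Review bot: In src/core/load-fragment.c, config_parse_exec() now scans the prefix characters with `for (;;)`, so termination depends entirely on a `break` in the loop body, which lies outside this hunk. The old `i < 3` bound also capped how many prefix characters were consumed; if the body does not already reject a repeated prefix, a run of repeated prefix characters would now be consumed without limit. A comment at the loop head, e.g. `/* each prefix is accepted once; the first character that is not a still-unused prefix ends the loop */`, would state the invariant the loop now relies on, assuming that is what the body enforces.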
@@ -273,7 +273,9 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) { if (state == SCOPE_STOP_SIGTERM) skip_signal = bus_scope_send_request_stop(s) > 0; - if (!skip_signal) { + if (skip_signal) + r = 1; /* wait */ + else { r = unit_kill_context( UNIT(s), &s->kill_context, @@ -283,8 +285,7 @@ static void scope_enter_signal(Scope *s, ScopeState state, ScopeResult f) { -1, -1, false); if (r < 0) goto fail; - } else - r = 1; + } if (r > 0) { r = scope_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->timeout_stop_usec)); diff --git a/src/core/unit.c b/src/core/unit.c index e485c01fc1..ab40135736 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -3755,14 +3755,14 @@ int unit_kill_context( bool main_pid_alien) { bool wait_for_exit = false, send_sighup; - cg_kill_log_func_t log_func; + cg_kill_log_func_t log_func = NULL; int sig, r; assert(u); assert(c); - /* Kill the processes belonging to this unit, in preparation for shutting the unit down. Returns > 0 if we - * killed something worth waiting for, 0 otherwise. */ + /* Kill the processes belonging to this unit, in preparation for shutting the unit down. + * Returns > 0 if we killed something worth waiting for, 0 otherwise. */ if (c->kill_mode == KILL_NONE) return 0; @@ -3774,9 +3774,8 @@ int unit_kill_context( IN_SET(k, KILL_TERMINATE, KILL_TERMINATE_AND_LOG) && sig != SIGHUP; - log_func = - k != KILL_TERMINATE || - IN_SET(sig, SIGKILL, SIGABRT) ? log_kill : NULL; + if (k != KILL_TERMINATE || IN_SET(sig, SIGKILL, SIGABRT)) + log_func = log_kill; if (main_pid > 0) { if (log_func) diff --git a/src/dissect/dissect.c b/src/dissect/dissect.c index e3c96b7407..f2f1e135ec 100644 --- a/src/dissect/dissect.c +++ b/src/dissect/dissect.c 
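Review bot: In src/core/scope.c, scope_enter_signal() now pairs an unbraced `if (skip_signal)` arm with a braced `else` block, and the only explanation for forcing `r = 1` is the terse `/* wait */`. Bracing both arms and expanding the comment, e.g. `/* stop was requested via bus_scope_send_request_stop(); send no signal, just arm the stop timer below */`, makes it clear why a positive `r` is set without calling unit_kill_context(). The function body continues outside both scope.c hunks.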
@@ -95,21 +95,25 @@ static int parse_argv(int argc, char *argv[]) { arg_flags |= DISSECT_IMAGE_READ_ONLY; break; - case ARG_DISCARD: + case ARG_DISCARD: { + DissectImageFlags flags; + if (streq(optarg, "disabled")) - arg_flags &= ~(DISSECT_IMAGE_DISCARD_ON_LOOP|DISSECT_IMAGE_DISCARD|DISSECT_IMAGE_DISCARD_ON_CRYPTO); + flags = 0; else if (streq(optarg, "loop")) - arg_flags = (arg_flags & ~(DISSECT_IMAGE_DISCARD|DISSECT_IMAGE_DISCARD_ON_CRYPTO)) | DISSECT_IMAGE_DISCARD_ON_LOOP; + flags = DISSECT_IMAGE_DISCARD_ON_LOOP; else if (streq(optarg, "all")) - arg_flags = (arg_flags & ~(DISSECT_IMAGE_DISCARD_ON_CRYPTO)) | DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD; + flags = DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD; else if (streq(optarg, "crypt")) - arg_flags |= DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD | DISSECT_IMAGE_DISCARD_ON_CRYPTO; + flags = DISSECT_IMAGE_DISCARD_ANY; else { log_error("Unknown --discard= parameter: %s", optarg); return -EINVAL; } + arg_flags = (arg_flags & ~DISSECT_IMAGE_DISCARD_ANY) | flags; break; + } case ARG_ROOT_HASH: { void *p; diff --git a/src/journal/compress.c b/src/journal/compress.c index ba734b5561..818a720ba8 100644 --- a/src/journal/compress.c +++ b/src/journal/compress.c @@ -112,7 +112,11 @@ int compress_blob_lz4(const void *src, uint64_t src_size, if (src_size < 9) return -ENOBUFS; +#if LZ4_VERSION_NUMBER >= 10700 + r = LZ4_compress_default(src, (char*)dst + 8, src_size, (int) dst_alloc_size - 8); +#else r = LZ4_compress_limitedOutput(src, (char*)dst + 8, src_size, (int) dst_alloc_size - 8); +#endif if (r <= 0) return -ENOBUFS; diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c index b03e770061..c11ac0c539 100644 --- a/src/network/netdev/tunnel.c +++ b/src/network/netdev/tunnel.c 
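Review bot: In src/dissect/dissect.c, the `crypt` branch of `--discard=` is written as `flags = DISSECT_IMAGE_DISCARD_ANY`, the same constant used as the clearing mask a few lines below, so any discard flag later added to that mask would silently be switched on by `crypt` as well. Spelling the value out as `DISSECT_IMAGE_DISCARD_ON_LOOP | DISSECT_IMAGE_DISCARD | DISSECT_IMAGE_DISCARD_ON_CRYPTO` keeps the option value and the mask independent. Because this mode passes discards through to crypto devices, a comment on that branch noting that discards on an encrypted volume reveal which blocks are unused would be worth having. parse_argv() starts and ends outside the hunk.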
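Review bot: In src/journal/compress.c, both branches of the new `#if` in compress_blob_lz4() hand `src_size` (a `uint64_t`) to an `int` parameter and compute the output limit as `(int) dst_alloc_size - 8`, while the only bound visible in the hunk is `src_size < 9`. An input larger than `INT_MAX` would be truncated, and a `dst_alloc_size` below 8 or above `INT_MAX` yields a negative or wrapped capacity for a write that starts at `dst + 8`. Unless callers already guarantee these ranges, add a guard before the call: `if (src_size > INT_MAX || dst_alloc_size < 8 || dst_alloc_size > INT_MAX) return -ENOBUFS;`. The function starts before and continues after the hunk.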
@@ -397,16 +397,31 @@ static int netdev_tunnel_verify(NetDev *netdev, const char *filename) { assert(t); - if (t->family != AF_INET && t->family != AF_INET6 && t->family != 0) { - log_warning("Tunnel with invalid address family configured in %s. Ignoring", filename); + if (!IN_SET(t->family, AF_INET, AF_INET6, AF_UNSPEC)) { + log_netdev_error(netdev, + "Tunnel with invalid address family configured in %s. Ignoring", filename); return -EINVAL; } - if (netdev->kind == NETDEV_KIND_IP6TNL) { - if (t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) { - log_warning("IP6 Tunnel without mode configured in %s. Ignoring", filename); - return -EINVAL; - } + if (netdev->kind == NETDEV_KIND_VTI && + (t->family != AF_INET || in_addr_is_null(t->family, &t->local))) { + log_netdev_error(netdev, + "vti tunnel without a local IPv4 address configured in %s. Ignoring", filename); + return -EINVAL; + } + + if (netdev->kind == NETDEV_KIND_VTI6 && + (t->family != AF_INET6 || in_addr_is_null(t->family, &t->local))) { + log_netdev_error(netdev, + "vti6 tunnel without a local IPv4 address configured in %s. Ignoring", filename); + return -EINVAL; + } + + if (netdev->kind == NETDEV_KIND_IP6TNL && + t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) { + log_netdev_error(netdev, + "ip6tnl without mode configured in %s. Ignoring", filename); + return -EINVAL; } return 0; 
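Review bot: The new NETDEV_KIND_VTI6 check in netdev_tunnel_verify() tests `t->family != AF_INET6` but logs "vti6 tunnel without a local IPv4 address", which was copied from the vti branch above it. The message should name the family that is actually required: `"vti6 tunnel without a local IPv6 address configured in %s. Ignoring", filename);`. As written, an administrator reading the log would be told to add the wrong kind of address. The start of the function is outside the hunk.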
@@ -431,26 +446,40 @@ int config_parse_tunnel_address(const char *unit, assert(rvalue); assert(data); + /* This is used to parse addresses on both local and remote ends of the tunnel. + * Address families must match. + * + * "any" is a special value which means that the address is unspecified. + */ + if (streq(rvalue, "any")) { - t->family = 0; + *addr = IN_ADDR_NULL; + + /* As a special case, if both the local and remote addresses are + * unspecified, also clear the address family. + */ + if (t->family != AF_UNSPEC && + in_addr_is_null(t->family, &t->local) && + in_addr_is_null(t->family, &t->remote)) + t->family = AF_UNSPEC; return 0; - } else { + } - r = in_addr_from_string_auto(rvalue, &f, &buffer); - if (r < 0) { - log_syntax(unit, LOG_ERR, filename, line, r, "Tunnel address is invalid, ignoring assignment: %s", rvalue); - return 0; - } + r = in_addr_from_string_auto(rvalue, &f, &buffer); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, + "Tunnel address \"%s\" invalid, ignoring assignment: %m", rvalue); + return 0; + } - if (t->family != AF_UNSPEC && t->family != f) { - log_syntax(unit, LOG_ERR, filename, line, 0, "Tunnel addresses incompatible, ignoring assignment: %s", rvalue); - return 0; - } + if (t->family != AF_UNSPEC && t->family != f) { + log_syntax(unit, LOG_ERR, filename, line, 0, + "Tunnel addresses incompatible, ignoring assignment: %s", rvalue); + return 0; } t->family = f; *addr = buffer; - return 0; } @@ -578,7 +607,6 @@ static void ipip_init(NetDev *n) { assert(t); t->pmtudisc = true; - t->family = AF_UNSPEC; } static void sit_init(NetDev *n) { @@ -588,7 +616,6 @@ static void sit_init(NetDev *n) { assert(t); t->pmtudisc = true; - t->family = AF_UNSPEC; } static void vti_init(NetDev *n) { @@ -619,7 +646,6 @@ static void gre_init(NetDev *n) { assert(t); t->pmtudisc = true; - t->family = AF_UNSPEC; } static void ip6gre_init(NetDev *n) { 
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index dd0e33a1ce..8d6992cee8 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -255,9 +255,10 @@ static int link_enable_ipv6(Link *link) { r = write_string_file(p, one_zero(disabled), WRITE_STRING_FILE_VERIFY_ON_FAILURE); if (r < 0) - log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", disabled ? "disable" : "enable", link->ifname); + log_link_warning_errno(link, r, "Cannot %s IPv6 for interface %s: %m", + enable_disable(!disabled), link->ifname); else - log_link_info(link, "IPv6 %sd for interface: %m", enable_disable(!disabled)); + log_link_info(link, "IPv6 successfully %sd", enable_disable(!disabled)); return 0; } diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 257af78781..d3ba9b9dde 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -372,9 +372,7 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, Dissecte designator = PARTITION_ROOT; architecture = native_architecture(); rw = !(flags & GPT_FLAG_READ_ONLY); - } -#ifdef GPT_ROOT_NATIVE_VERITY - else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE_VERITY)) { + } else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE_VERITY)) { m->can_verity = true; @@ -388,7 +386,6 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, Dissecte rw = false; } #endif -#endif #ifdef GPT_ROOT_SECONDARY else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY)) { @@ -399,9 +396,7 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, Dissecte designator = PARTITION_ROOT_SECONDARY; architecture = SECONDARY_ARCHITECTURE; rw = !(flags & GPT_FLAG_READ_ONLY); - } -#ifdef GPT_ROOT_SECONDARY_VERITY - else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY_VERITY)) { + } else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY_VERITY)) { m->can_verity = true; 
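Review bot: In src/network/networkd-link.c, link_enable_ipv6() still ends in `return 0;` after a failed `write_string_file()` is logged only as a warning, so when `disabled` is true a failed write may leave IPv6 in its previous state on the link while setup continues as if it had been turned off. If that best-effort behaviour is intended, it deserves a comment next to the `return 0;`. Otherwise propagate the failure in the disable case, e.g. `if (r < 0 && disabled) return log_link_error_errno(link, r, "Cannot disable IPv6 for interface %s: %m", link->ifname);`. The function starts outside the hunk, so callers may already depend on the zero return.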
@@ -415,7 +410,6 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, Dissecte rw = false; } #endif -#endif else if (sd_id128_equal(type_id, GPT_SWAP)) { designator = PARTITION_SWAP; fstype = "swap"; diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h index 902c8d4a37..175ddd8ea0 100644 --- a/src/shared/dissect-image.h +++ b/src/shared/dissect-image.h @@ -61,9 +61,12 @@ static inline int PARTITION_VERITY_OF(int p) { typedef enum DissectImageFlags { DISSECT_IMAGE_READ_ONLY = 1, - DISSECT_IMAGE_DISCARD_ON_LOOP = 2, /* Turn on "discard" if on loop device and file system supports it */ + DISSECT_IMAGE_DISCARD_ON_LOOP = 2, /* Turn on "discard" if on a loop device and file system supports it */ DISSECT_IMAGE_DISCARD = 4, /* Turn on "discard" if file system supports it, on all block devices */ DISSECT_IMAGE_DISCARD_ON_CRYPTO = 8, /* Turn on "discard" also on crypto devices */ + DISSECT_IMAGE_DISCARD_ANY = DISSECT_IMAGE_DISCARD_ON_LOOP | + DISSECT_IMAGE_DISCARD | + DISSECT_IMAGE_DISCARD_ON_CRYPTO, } DissectImageFlags; struct DissectedImage { diff --git a/src/shared/firewall-util.c b/src/shared/firewall-util.c index f73108eaa3..9c29b0afca 100644 --- a/src/shared/firewall-util.c +++ b/src/shared/firewall-util.c @@ -17,8 +17,9 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. ***/ -#warning "Temporary work-around for broken glibc vs. linux kernel header definitions" -#warning "This really should be removed sooner rather than later, when this is fixed upstream" +/* Temporary work-around for broken glibc vs. linux kernel header definitions + * This is already fixed upstream, remove this when distributions have updated. + */ #define _NET_IF_H 1 #include <alloca.h> |