-rw-r--r-- | DISTRO_PORTING | 19 | ||||
-rw-r--r-- | README | 18 | ||||
-rw-r--r-- | configure.ac | 3 | ||||
-rw-r--r-- | src/shared/efivars.c | 14 |
4 files changed, 50 insertions, 4 deletions
diff --git a/DISTRO_PORTING b/DISTRO_PORTING index d8e9ded943..07aea865be 100644 --- a/DISTRO_PORTING +++ b/DISTRO_PORTING @@ -14,6 +14,7 @@ HOWTO: --with-kbd-loadkeys= --with-kbd-setfont= --with-tty-gid= + --with-ntp-servers= 2) Try it out. Play around (as an ordinary user) with '/usr/lib/systemd/systemd --test --system' for a test run @@ -21,6 +22,24 @@ HOWTO: print the initial transaction it would execute during boot-up. This will also inform you about ordering loops and suchlike +NTP POOL: + + By default, timesyncd uses the Google NTP servers + time[1-4].google.com. They serve time that is not standards + compliant, and can be up to .5s off. Google does not + officially support these servers for the broader + audience. Distributions and vendors really should not ship + OSes or devices with these NTP servers configured. Instead, + please register your own vendor pool at ntp.org and make it + the built-in default by passing --with-ntp-servers= to + configure. Registering vendor pools is free: + + http://www.pool.ntp.org/en/vendors.html + + Again, if you ship your software or device with the default + NTP servers, then you will get served wrong time, and will + rely on services that might not be supported for long. + CONTRIBUTING UPSTREAM: We generally do no longer accept distribution-specific @@ -82,11 +82,11 @@ REQUIREMENTS: CONFIG_SECCOMP CONFIG_CHECKPOINT_RESTORE (for the kcmp() syscall) - Required for CPUShares in resource control unit settings + Required for CPUShares= in resource control unit settings CONFIG_CGROUP_SCHED CONFIG_FAIR_GROUP_SCHED - Required for CPUQuota in resource control unit settings + Required for CPUQuota= in resource control unit settings CONFIG_CFS_BANDWIDTH For systemd-bootchart, several proc debug interfaces are required: 
@@ -97,6 +97,15 @@ REQUIREMENTS: CONFIG_EFIVAR_FS CONFIG_EFI_PARTITION + We recommend to turn off Real-Time group scheduling in the + kernel when using systemd. RT group scheduling effectively + makes RT scheduling unavailable for most userspace, since it + requires explicit assignment of RT budgets to each unit whose + processes making use of RT. As there's no sensible way to + assign these budgets automatically this cannot really be + fixed, and it's best to disable group scheduling hence. + CONFIG_RT_GROUP_SCHED=n + Note that kernel auditing is broken when used with systemd's container code. When using systemd in conjunction with containers, please make sure to either turn off auditing at @@ -261,6 +270,11 @@ WARNINGS: false positives will be triggered by code which violates some rules but is actually safe. + Currently, systemd-timesyncd defaults to use the Google NTP + servers if not specified otherwise at configure time. You + really should not ship an OS or device with this default + setting. See DISTRO_PORTING for details. + ENGINEERING AND CONSULTING SERVICES: ENDOCODE <https://endocode.com/> offers professional engineering and consulting services for systemd. Please diff --git a/configure.ac b/configure.ac index 6804e03d07..999f9f84d3 100644 --- a/configure.ac +++ b/configure.ac @@ -1009,7 +1009,8 @@ AC_ARG_WITH(ntp-servers, AS_HELP_STRING([--with-ntp-servers=NTPSERVERS], [Space-separated list of default NTP servers]), [NTP_SERVERS="$withval"], - [NTP_SERVERS="time1.google.com time2.google.com time3.google.com time4.google.com"]) + [NTP_SERVERS="time1.google.com time2.google.com time3.google.com time4.google.com" + AC_MSG_WARN([*** Using Google NTP servers. Please do not ship OSes or devices with these default settings. See DISTRO_PORTING for details!])]) AC_DEFINE_UNQUOTED(NTP_SERVERS, ["$NTP_SERVERS"], [Default NTP Servers]) AC_SUBST(NTP_SERVERS) diff --git a/src/shared/efivars.c b/src/shared/efivars.c index 0d6ecf52cf..347cd30b09 100644 
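Review bot: The unchanged action-if-given branch `[NTP_SERVERS="$withval"]` in the configure.ac hunk takes `yes` and `no` verbatim, so a packager who responds to the new warning with a bare `--with-ntp-servers` or with `--without-ntp-servers` gets a literal `yes` or `no` compiled in as the server name, and the warning in the default branch never fires. Consider rejecting those two values, e.g. `AS_CASE([$withval], [yes|no], [AC_MSG_ERROR([--with-ntp-servers= needs a list of servers])], [NTP_SERVERS="$withval"])`, or mapping `no` to an empty list if building without default servers is meant to be supported. The help string could also name the built-in default and point to DISTRO_PORTING, so the caveat is visible in `./configure --help` and not only in configure output that automated builds rarely surface.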
--- a/src/shared/efivars.c +++ b/src/shared/efivars.c @@ -125,7 +125,19 @@ static int get_os_indications(uint64_t *os_indication) { return r; r = efi_get_variable(EFI_VENDOR_GLOBAL, "OsIndications", NULL, &v, &s); - if (r < 0) + if (r == -ENOENT) { + /* Some firmware implementations that do support + * OsIndications and report that with + * OsIndicationsSupported will remove the + * OsIndications variable when it is unset. Let's + * pretend it's 0 then, to hide this implementation + * detail. Note that this call will return -ENOENT + * then only if the support for OsIndications is + * missing entirely, as determined by + * efi_reboot_to_firmware_supported() above. */ + *os_indication = 0; + return 0; + } else if (r < 0) return r; else if (s != sizeof(uint64_t)) return -EINVAL; |
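Review bot: The last sentence of the new comment says "this call will return -ENOENT", which reads as referring to efi_get_variable() on the line above, although that call has just returned -ENOENT in this very branch; presumably the enclosing function is meant. I would reword it along the lines of `get_os_indications() as a whole therefore returns -ENOENT only if OsIndications support is missing entirely, as determined by efi_reboot_to_firmware_supported() above.` The comment should also say that substituting 0 is only sound because that support check runs first, so a later refactoring does not reorder or drop it and turn a genuinely absent variable into a silent zero. The support check and the rest of get_os_indications() lie outside the hunk, so this is based on the visible `return r;` context and the comment's own wording.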