summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)Author
2016-02-19Merge pull request #2648 from keszybz/dnssec-workMartin Pitt
Better support for DANE, shell completion
2016-02-18systemd-resolve: initial shell completionZbigniew Jędrzejewski-Szmek
v2: - use /sys/class/net to list interfaces, also copy the same code to systemd-nspawn v3: - do not propose "any" twice for --type
2016-02-18build-sys: remove duplicated entry in testsZbigniew Jędrzejewski-Szmek
test-dns-domain should be built and run even without ENABLE_RESOLVED.
2016-02-18build-sys: Do not build tests that depend on resolved when it has been disabledFilipe Brandenburger
If ./configure --disable-resolved has been used, do not try to build test-dns-packet and test-resolve-tables which depend on it. Previously, the SOURCES, LIBS and LDADDs for these tests were made conditional while the main rules for them weren't, causing build failures trying to build a binary with no sources. This was uncovered when trying to build udeb for systemd in CI, which uses --disable-resolved for a minimal build, which uncovered the issue. Fixes #2651.
2016-02-16resolved: turn on DNSSEC by default, unless configured otherwiseLennart Poettering
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to "allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled by default add a configure switch to disable this again. DNSSEC in "allow-downgrade" mode should mostly work without affecting user experience. There's one exception: some captive portal systems rewrite DNS in order to redirect HTTP traffic to the captive portal. If these systems implement DNS servers that are otherwise DNSSEC-capable (which in fact is pretty unlikely, but still...), then this will result in the captive portal being inaccessible. To fix this support in NetworkManager (or any other network management solution that does captive portal detection) is required, which simply turns off DNSSEC during the captive portal detection, and resets it back to the default (i.e. on) after captive portal authentication is complete.
2016-02-15Merge pull request #2618 from zonque/busproxy-removalLennart Poettering
remove bus-proxyd
2016-02-14Promote systemd-activate to /usr/bin/systemd-socket-activateZbigniew Jędrzejewski-Szmek
It has fairly wide functionality now and the interface has been stable for a while. It it a useful testing tool. The name is changed to better indicate what it does.
2016-02-13Merge pull request #2603 from poettering/drop-compat-libsZbigniew Jędrzejewski-Szmek
Some spring cleaning
2016-02-13build-sys: drop aufs-util.[ch]Lennart Poettering
Left over cruft from the dkr excercise.
2016-02-13util-lib: drop json parserLennart Poettering
This was used by the dkr logic, which is gone now, hence remove this too. Should we need it one day again the git history never forgets... Note that this only covers the JSON parser. The JSON generator used by "journalctl -o json" remains, as its much much simpler and requires no infrastructure except printf() and the most basic escaping.
2016-02-13build-sys: drop libsystemd-{id128,daemon,login,journal}.so compat libsLennart Poettering
They have long been obsolete, and upstream distros and packages have mostly switched over, let's get rid of it for good.
2016-02-13Merge pull request #2589 from keszybz/resolve-tool-2Lennart Poettering
Better support of OPENPGPKEY, CAA, TLSA packets and tests
2016-02-12resolve: always align flags to 8th column and print CAA flagsZbigniew Jędrzejewski-Szmek
Left-over unknown flags are printed numerically. Otherwise, it wouldn't be known what bits are remaining without knowning what the known bits are. A test case is added to verify the flag printing code: ============== src/resolve/test-data/fake-caa.pkts ============== google.com. IN CAA 0 issue "symantec.com" google.com. IN CAA 128 issue "symantec.com" -- Flags: critical google.com. IN CAA 129 issue "symantec.com" -- Flags: critical 1 google.com. IN CAA 22 issue "symantec.com" -- Flags: 22
2016-02-12Fix hashing of TLSA packetsZbigniew Jędrzejewski-Szmek
Also add example files with TLSA and SSHFP records.
2016-02-12test-dns-packet: allow running without argumentsZbigniew Jędrzejewski-Szmek
2016-02-12test-dns-packet: add framework to read and dump packetsZbigniew Jędrzejewski-Szmek
Packets are stored in a simple format: <size> <packet-wire-format> <size> <packet-wire-format> ... Packets for some example domains are dumped, to test rr code for various record types. Currently: A AAAA CAA DNSKEY LOC MX NS NSEC OPENPGPKEY SOA SPF TXT The hashing code is executed, but results are not checked. Also build other tests in src/resolve only with --enable-resolve.
2016-02-12remove bus-proxydDaniel Mack
As kdbus won't land in the anticipated way, the bus-proxy is not needed in its current form. It can be resurrected at any time thanks to the history, but for now, let's remove it from the sources. If we'll have a similar tool in the future, it will look quite differently anyway. Note that stdio-bridge is still available. It was restored from a version prior to f252ff17, and refactored to make use of the current APIs.
2016-02-11Remove kdbus custom endpoint supportDaniel Mack
This feature will not be used anytime soon, so remove a bit of cruft. The BusPolicy= config directive will stay around as compat noop.
2016-02-11Merge pull request #2587 from haraldh/tpmv3Lennart Poettering
sd-boot: put hashed kernel command line in a PCR of the TPM
2016-02-11systemd-resolve: allow easy querying of openpgp keysZbigniew Jędrzejewski-Szmek
$ systemd-resolve --openpgp zbyszek@fedoraproject.org d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlM yfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAyn ...
2016-02-11Move initialize_libgcrypt to separate fileZbigniew Jędrzejewski-Szmek
It's annoying to have the exact same function in three places. It's stored in src/shared, but it's not added to the library to avoid the dependency on libgcrypt.
2016-02-11sd-boot: put hashed kernel command line in a PCR of the TPMHarald Hoyer
The UEFI BIOS already hashes the contents of the loaded image, so the initrd and the command line of the binary are recorded. Because manually added LoadOptions are not taken into account, these should be recorded also. This patch logs and extends a TPM PCR register with the LoadOptions. This feature can be enabled with configure --enable-tpm The PCR register index can be specified with configure --with-tpm-pcrindex=<NUM>
2016-02-11build-sys: bump so versionLennart Poettering
2016-02-10build-sys: add TEST-06-SELINUX to distEvgeny Vereshchagin
This is a follow-up to https://github.com/systemd/systemd/pull/2493
2016-02-10tests: add test for https://github.com/systemd/systemd/issues/1981Evgeny Vereshchagin
2016-02-10coredump: dump priviliges when processing system coredumpsLennart Poettering
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump was created under. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-10coredump: rework coredumping logicLennart Poettering
This reworks the coredumping logic so that the coredump handler invoked from the kernel only collects runtime data about the crashed process, and then submits it for processing to a socket-activate coredump service, which extracts a stacktrace and writes the coredump to disk. This has a number of benefits: the disk IO and stack trace generation may take a substantial amount of resources, and hence should better be managed by PID 1, so that resource management applies. This patch uses RuntimeMaxSec=, Nice=, OOMScoreAdjust= and various sandboxing settings to ensure that the coredump handler doesn't take away unbounded resources from normally priorized processes. This logic is also nice since this makes sure the coredump processing and storage is delayed correctly until /var/systemd/coredump is mounted and writable. Fixes: #2286
2016-02-10build-sys: move coredump logic into subdir of its ownLennart Poettering
2016-02-10Makefile.am: remove some relictsDaniel Mack
2016-02-08Merge pull request #2543 from keszybz/build-sys-and-man-fixesLennart Poettering
Build sys and man fixes
2016-02-06build-sys: simplify conditionals around shell completion filesZbigniew Jędrzejewski-Szmek
Repeating those conditionals for every program is annoying. Use a helper variable to avoid conditionals. Also always add generated completion files to CLEANFILES.
2016-02-06build-sys: move CLEANFILES additions out from under HAVE_GNUEFIZbigniew Jędrzejewski-Szmek
It's better to always include them in 'make clean'. It is also easier to read Makefile.am when less stuff is conditional.
2016-02-03nspawn: optionally run a stub init process as PID 1Lennart Poettering
This adds a new switch --as-pid2, which allows running commands as PID 2, while a stub init process is run as PID 1. This is useful in order to run arbitrary commands in a container, as PID1's semantics are different from all other processes regarding reaping of unknown children or signal handling.
2016-02-02Merge pull request #2510 from msekletar/journalctl-dev-sda-v4Lennart Poettering
journalctl: make "journalctl /dev/sda" work
2016-02-02journalctl: make "journalctl /dev/sda" workMichal Sekletar
Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-01-31resolved: allow building without libgcryptMichael Olbrich
2016-01-30Merge pull request #2469 from keszybz/resolved-2Lennart Poettering
Resolved 2
2016-01-29test-resolve-tables: new "test", useful to print mappingsZbigniew Jędrzejewski-Szmek
2016-01-29resolved: calculate and print tags for DNSKEY recordsZbigniew Jędrzejewski-Szmek
2016-01-29build-sys: install systemd-resolve in /usr/binLennart Poettering
The command has a man page now and is public, hence add it to /usr/bin.
2016-01-27nss: block various signals while running NSS lookupsLennart Poettering
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be interrupted where they should (SIGINT, ...). Fixes #1965
2016-01-26Merge pull request #2446 from keszybz/ask-passwordLennart Poettering
Ask password unicode fix
2016-01-26test-ask-password-api: add a manual test for password readingZbigniew Jędrzejewski-Szmek
2016-01-26networkd: use an OrderedSet instead of Set to collect link domainsLennart Poettering
For the search domain logic the order is highly relevant, hence make sure when collecting the various search domains to add them to an ordered set, so that the order between search domains of a specific link is retained.
2016-01-25build-sys: provide fallback value for xsltprocZbigniew Jędrzejewski-Szmek
Commit ab6f56debf made the change to allow building man pages even when disabled with ./configure --disable-manpages. This works fine, as long as xsltproc is present. If xsltproc is not present, the command to build a man page (obviously) fails. Unfortnately it fails with a cryptic message '-o not found', because $(XSLTPROC) is empty. Add a fallback, to use 'xsltproc' is $(XSLTPROC) is not defined. This way we get a nice message: make: xsltproc: Command not found
2016-01-25resolved: synthesize RRs for data from /etc/hostsLennart Poettering
This way the difference between lookups via NSS and our native bus API should become minimal.
2016-01-25resolve: rename "systemd-resolve-host" tool to simply "systemd-resolve"Lennart Poettering
The tool resolves way more than just hosts, hence give it a more generic name. This should be safe, as the tool is currently undocumented. Before we add documentation for it, let's get the name right. This also moves the C source into src/resolve/ (from src/resolve-host/), since the old name is a misnomer now. Also, since it links directly to many of the C files of resolved it really belongs into resolved's directory anyway.
2016-01-25resolved: split out RR synthesis logic into its own C fileLennart Poettering
Also, while we are at it, set the "authenticated" bit for everything we synthesize
2016-01-20Merge pull request #2054 from keszybz/nss-link-less-2Lennart Poettering
Nss link less 2
2016-01-20Merge pull request #2372 from poettering/dnssec17Tom Gundersen
resolved bus API improvements