Age | Commit message (Collapse) | Author |
|
|
|
Resolved 2
|
|
|
|
|
|
The command has a man page now and is public, hence add it to /usr/bin.
|
|
Let's make sure our poll() calls don't get interrupted where they shouldn't (SIGALRM, ...), but allow them to be
interrupted where they should (SIGINT, ...).
Fixes #1965
|
|
Ask password unicode fix
|
|
|
|
For the search domain logic the order is highly relevant, hence make sure when collecting the various search domains to
add them to an ordered set, so that the order between search domains of a specific link is retained.
|
|
Commit ab6f56debf made the change to allow building man pages even when disabled
with ./configure --disable-manpages. This works fine, as long as xsltproc is
present. If xsltproc is not present, the command to build a man page (obviously)
fails. Unfortnately it fails with a cryptic message '-o not found', because
$(XSLTPROC) is empty. Add a fallback, to use 'xsltproc' is $(XSLTPROC) is not
defined. This way we get a nice message:
make: xsltproc: Command not found
|
|
This way the difference between lookups via NSS and our native bus API should become minimal.
|
|
The tool resolves way more than just hosts, hence give it a more generic name. This should be safe, as the tool is
currently undocumented. Before we add documentation for it, let's get the name right.
This also moves the C source into src/resolve/ (from src/resolve-host/), since the old name is a misnomer now. Also,
since it links directly to many of the C files of resolved it really belongs into resolved's directory anyway.
|
|
Also, while we are at it, set the "authenticated" bit for everything we synthesize
|
|
Nss link less 2
|
|
resolved bus API improvements
|
|
The link objects expose as properties the current settings made with SetLinkDNS() and related calls, plus some more
information.
|
|
Man page grammar and build tweaks v3
|
|
This is purely for developer convenience: building man pages is slow
so people tend to disable them when not working on documentation. But
sometimes it is useful to build the man page to look something up,
especially when working on an older machine which has outdated
documentation, or to test some change to documentation. The rules to build
man pages are now outside of the ENABLE_MANPAGES conditional, but they
are not used unless manually invoked, and only the inclusion of man
pages in build and install targets is affected by the conditional.
Also, more generated files are removed in clean, which seems to be
good thing, and Makefile.am is simplified.
|
|
This new test case tries to resolve a couple of known domains, to verify the validation results. It talks to resolved
via the bus, thus comprehensively testing the whole shebang.
Of course, it requires network connectivity and a DNSSEC capable DNS server, hence this is a manual test.
|
|
build-sys: regenerate %.m4 -> % on reconfigure
|
|
The hash operations are not really that specific to hashmaps, hence split them into a .c module of their own.
|
|
Twelfth DNSSEC PR
|
|
|
|
networkd previously knew an enum "ResolveSupport" for configuring
per-interface LLMNR support, resolved had a similar enum just called
"Support", with the same value and similar pasers.
Unify this, call the enum ResolveSupport, and port both daemons to it.
|
|
Fixes:
```
$ make valgrind-tests TESTS=test-acl-util
GEN valgrind-tests
Running test-acl-util
/bin/bash: line 4: libtool: command not found
```
|
|
Fixes:
$ ./configure ... --disable-tests
$ make
$ sudo make check
FAIL: test/udev-test.pl
PASS: test/rule-syntax-check.py
PASS: test/sysv-generator-test.py
...
|
|
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
|
|
build: fix systemd-journal-upload installation
|
|
Expose soft limits on the bus
|
|
Fixes:
```
$ ./configure ... --enable-resolved
$ make
$ cat tmpfiles.d/etc.conf
...
L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
...
$ ./configure ... --disable-resolved
$ make
$ cat tmpfiles.d/etc.conf
...
L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
...
```
|
|
Fixes:
$ ./configure ... --disable-microhttpd --enable-libcurl
--enable-sysusers
$ make && make install DESTDIR=$(pwd)/INST
$ ls INST/usr/lib/sysusers.d/
basic.conf systemd.conf
There is no a file with `systemd-journald-upload`
|
|
This is a follow-up for commit f47477332ff
|
|
basic: add RB-Tree implementation
|
|
Just hook up mDNS listeners with an empty packet dispather function,
introduce a config directive, man page updates etc.
|
|
tests: add test-rlimit-util
|
|
added: 279419b379
obsoleted: 2c8849add4
|
|
This adds an self-standing RB-Tree implementation to src/basic/. This
will be needed for NSEC RR lookups, since we need "close lookups", which
hashmaps (not even ordered-hashmaps) can give us in reasonable time.
|
|
we don't use it
https://www.gnu.org/software/automake/manual/automake.html#Scripts_002dbased-Testsuites
|
|
|
|
added: 65adc982d
obsoleted: 2c8849add
|
|
build-sys: move "dist" parts out of conditional
|
|
Fixes:
$ ./autogen.sh
$ ./configure ... --disable-timesyncd
$ make distcheck
...
make[1]: *** No rule to make target 'src/timesync/timesyncd-gperf.gperf', needed by 'src/timesync/timesyncd-gperf.c'. Stop.
|
|
When doing DNSSEC lookups we need to know one or more DS or DNSKEY RRs
as trust anchors to validate lookups. With this change we add a
compiled-in trust anchor database, serving the root DS key as of today,
retrieved from:
https://data.iana.org/root-anchors/root-anchors.xml
The interface is kept generic, so that additional DS or DNSKEY RRs may
be served via the same interface, for example by provisioning them
locally in external files to support "islands" of security.
The trust anchor database becomes the fourth source of RRs we maintain,
besides, the network, the local cache, and the local zone.
|
|
tests: add networkd integration test
|
|
This adds most basic operation for doing DNSSEC validation on the
client side. However, it does not actually add the verification logic to
the resolver. Specifically, this patch only includes:
- Verifying DNSKEY RRs against a DS RRs
- Verifying RRSets against a combination of RRSIG and DNSKEY RRs
- Matching up RRSIG RRs and DNSKEY RRs
- Matching up RR keys and RRSIG RRs
- Calculating the DNSSEC key tag from a DNSKEY RR
All currently used DNSSEC combinations of SHA and RSA are implemented. Support
for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably
obsolete, and shouldn't be added. EC should probably be added
eventually, if it actually is deployed on the Internet.
|
|
For now, only add_acls_for_user is tested. When run under root, it
actually sets the acls. When run under non-root, it sets the acls for
the user, which does nothing, but at least calls the functions.
|
|
|
|
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp.
|
|
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp.
|
|
This reduces libraries reported by ldd by liblzma,
liblz4, libgcrypt, libgpg-error, libacl, libidn, libseccomp.
|