summaryrefslogtreecommitdiff
path: root/Makefile.am
AgeCommit message (Collapse)Author
2015-12-03resolved: add a simple trust anchor database as additional RR sourceLennart Poettering
When doing DNSSEC lookups we need to know one or more DS or DNSKEY RRs as trust anchors to validate lookups. With this change we add a compiled-in trust anchor database, serving the root DS key as of today, retrieved from: https://data.iana.org/root-anchors/root-anchors.xml The interface is kept generic, so that additional DS or DNSKEY RRs may be served via the same interface, for example by provisioning them locally in external files to support "islands" of security. The trust anchor database becomes the fourth source of RRs we maintain, besides, the network, the local cache, and the local zone.
2015-12-03Merge pull request #1934 from martinpitt/masterTom Gundersen
tests: add networkd integration test
2015-12-02resolved: add basic DNSSEC supportLennart Poettering
This adds most basic operation for doing DNSSEC validation on the client side. However, it does not actually add the verification logic to the resolver. Specifically, this patch only includes: - Verifying DNSKEY RRs against a DS RRs - Verifying RRSets against a combination of RRSIG and DNSKEY RRs - Matching up RRSIG RRs and DNSKEY RRs - Matching up RR keys and RRSIG RRs - Calculating the DNSSEC key tag from a DNSKEY RR All currently used DNSSEC combinations of SHA and RSA are implemented. Support for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably obsolete, and shouldn't be added. EC should probably be added eventually, if it actually is deployed on the Internet.
2015-11-28test-acl-util: add new testZbigniew Jędrzejewski-Szmek
For now, only add_acls_for_user is tested. When run under root, it actually sets the acls. When run under non-root, it sets the acls for the user, which does nothing, but at least calls the functions.
2015-11-27util-lib: move nss-util.h from shared/ to basic/Lennart Poettering
The header file defines some helpers for GLIBC NSS and doesn't include anything else but glibc headers, hence there's little reason to keep it in shared/. See: #2008
2015-11-27tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easyLennart Poettering
GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27Merge pull request #1937 from evverx/fix-stdout-parsingLennart Poettering
Fix stdout stream parsing
2015-11-27tests: add networkd integration testMartin Pitt
This uses temporary configuration in /run and temporary veth devices, and does not write anything on disk or change any system configuration; but it assumes (and checks at the beginning) that networkd is not currently running. This can be run on a normal installation, in QEMU, nspawn, or LXC. As this requires root privileges, this is not integrated into "make check".
2015-11-25resolved: add a generic DnsSearchDomain conceptLennart Poettering
With this change, we add a new object to resolved, "DnsSearchDomain=" which wraps a search domain. This is then used to introduce a global search domain list, in addition to the existing per-link search domain list which is reword to make use of this new object too. This is preparation for implement proper unicast DNS search domain support.
2015-11-25resolved: split out all code dealing with /etc/resolv.conf into its own .c fileLennart Poettering
No functional changes.
2015-11-23Merge pull request #1996 from eworm-de/editorconfigDaniel Mack
add editorconfig configuration
2015-11-23add editorconfig configurationChristian Hesse
We want indention with spaces, so specify in editorconfig. http://editorconfig.org/
2015-11-21build: install bash completion for systemd-pathEvgeny Vereshchagin
This is a follow-up for commit e50e53876fb08b6
2015-11-20Merge pull request #1962 from mbiebl/install-completion-networkctlTom Gundersen
build: install bash completion for networkctl
2015-11-19build: install bash completion for networkctlMichael Biebl
This is a follow-up for commit e4f246b1b512c68260581c4976d2eb01cf7febdc.
2015-11-18build: bump version numberssystemd/v228David Herrmann
Prepare for v228 release and bump version numbers.
2015-11-17tests: add basic journal testEvgeny Vereshchagin
2015-11-17Merge pull request #1909 from keszybz/filetriggers-v2Lennart Poettering
Move daemon-reload from package %post scripts to file triggers
2015-11-15Move daemon-reload from package %post scripts to file triggersZbigniew Jędrzejewski-Szmek
This uses new functionality added in rpm 4.13. Instead of doing one daemon-reload per packages, we do just one or two (When both installing and uninstalling packages, we do two. Unfortunately this also includes the common case of upgrades. When only installing or when only installing, we do just one.) New file triggers.systemd can be built, but the contents have to be copied into the rpm spec file by hand. Using %{load} does not seem to work. It can serve as documentation.
2015-11-14hwdb: updateKay Sievers
2015-11-12install: follow unit file symlinks in /usr, but not /etc when looking for ↵Lennart Poettering
[Install] data Some distributions use alias unit files via symlinks in /usr to cover for legacy service names. With this change we'll allow "systemctl enable" on such aliases. Previously, our rule was that symlinks are user configuration that "systemctl enable" + "systemctl disable" creates and removes, while unit files is where the instructions to do so are store. As a result of the rule we'd never read install information through symlinks, since that would mix enablement state with installation instructions. Now, the new rule is that only symlinks inside of /etc are configuration. Unit files, and symlinks in /usr are now valid for installation instructions. This patch is quite a rework of the whole install logic, and makes the following addional changes: - Adds a complete test "test-instal-root" that tests the install logic pretty comprehensively. - Never uses canonicalize_file_name(), because that's incompatible with operation relative to a specific root directory. - unit_file_get_state() is reworked to return a proper error, and returns the state in a call-by-ref parameter. This cleans up confusion between the enum type and errno-like errors. - The new logic puts a limit on how long to follow unit file symlinks: it will do so only for 64 steps at max. - The InstallContext object's fields are renamed to will_process and has_processed (will_install and has_installed) since they are also used for deinstallation and all kinds of other operations. - The root directory is always verified before use. - install.c is reordered to place the exported functions together. - Stricter rules are followed when traversing symlinks: the unit suffix must say identical, and it's not allowed to link between regular units and templated units. - Various modernizations - The "invalid" unit file state has been renamed to "bad", in order to avoid confusion between UNIT_FILE_INVALID and _UNIT_FILE_STATE_INVALID. Given that the state should normally not be seen and is not documented this should not be a problematic change. The new name is now documented however. Fixes #1375, #1718, #1706
2015-11-12build-sys: fix dependenciesMichal Sekletar
update-man-list needs man/custom-entities.ent. Bug is nicely reproducible when running make update-man-list.
2015-11-11test-execute: Add tests for new PassEnvironment= directiveFilipe Brandenburger
Check the base case, plus erasing the list, listing the same variable name more than once and when variables are absent from the manager execution environment. Confirmed that `sudo ./test-execute` passes and that modifying the test cases (or the values of the set variables in test-execute.c) is enough to make the test cases fail.
2015-11-10Remove snapshot unit typeZbigniew Jędrzejewski-Szmek
Snapshots were never useful or used for anything. Many systemd developers that I spoke to at systemd.conf2015, didn't even know they existed, so it is fairly safe to assume that this type can be deleted without harm. The fundamental problem with snapshots is that the state of the system is dynamic, devices come and go, users log in and out, timers fire... and restoring all units to some state from the past would "undo" those changes, which isn't really possible. Tested by creating a snapshot, running the new binary, and checking that the transition did not cause errors, and the snapshot is gone, and snapshots cannot be created anymore. New systemctl says: Unknown operation snapshot. Old systemctl says: Failed to create snapshot: Support for snapshots has been removed. IgnoreOnSnaphost settings are warned about and ignored: Support for option IgnoreOnSnapshot= has been removed and it is ignored http://lists.freedesktop.org/archives/systemd-devel/2015-November/034872.html
2015-11-10tests: various fixesEvgeny Vereshchagin
* remove journal flushing (systemd-journal-flush.service runs journalctl --flush on boot) * use sh -c and PATH instead of @SYSTEMCTL@ expansion * remove unnecessary semicolons etc
2015-11-03sd-pppoe: dropTom Gundersen
It is really unclear if we want to / have the resources to support this fully, so drop it for now. It can easily be brought back if a killer usecase emerges. Note that this code was never hooked up, so this does not remove any features.
2015-11-02string-util: rework memory_erase() so that it cannot be optimized awayLennart Poettering
memory_erase() so far just called memset(), which the compiler might optimize away under certain conditions if it feels there's benefit in it. C11 knows a new memset_s() call that is like memset(), but may not be optimized away. Ideally, we'd just use that call, but glibc currently does not support it. Hence, implement our own simplistic version of it. We use a GCC pragma to turn off optimization for this call, and also use the "volatile" keyword on the pointers to ensure that gcc will use the pointers as-is. According to a variety of internet sources, either one does the trick. However, there are also reports that at least the volatile thing isn't fully correct, hence let's add some snake oil and employ both techniques. https://news.ycombinator.com/item?id=4711346
2015-10-31test-path: move all related test files to a specific directoryRonny Chevalier
To avoid polluting test/
2015-10-31test-execute: move all files related to a specific directoryRonny Chevalier
To avoid polluting test/
2015-10-31build-sys: add missing test files to EXTRA_DISTRonny Chevalier
2015-10-31test-execute: add tests for IOSchedulingClassRonny Chevalier
2015-10-31test-execute: add tests for OOMScoreAdjustRonny Chevalier
2015-10-31test-execute: add test for EnvironmentFileRonny Chevalier
2015-10-31test-execute: add test for PrivateNetworkRonny Chevalier
2015-10-28test-parse-util: Move parse-util tests into their own test caseFilipe Brandenburger
Tests for the functions defined in src/basic/parse-util.c. Reorder them to match the order in which the functions are defined in the source file. Adjusted the list of include files to remove the ones no longer needed in test-util.c. Tested that `make check` still passes as expected. Also checked the number of lines removed from test-util.c matches the expected, as an additional verification that no tests were dropped or duplicated in the move.
2015-10-28test-extract-word: Move extract-word tests into their own test caseFilipe Brandenburger
Tests for the functions defined in src/basic/extract-word.c. Tested that `make check` still passes as expected.
2015-10-28l10n: add zh_CN translation.Boyuan Yang
2015-10-27util-lib: split out allocation calls into alloc-util.[ch]Lennart Poettering
2015-10-27util-lib: split out globbing related calls into glob-util.[ch]Lennart Poettering
2015-10-27util-lib: split out printf() helpers to stdio-util.hLennart Poettering
2015-10-27util-lib: move web-related calls into web-util.[ch]Lennart Poettering
2015-10-27util-lib: split out syslog-related calls into syslog-util.[ch]Lennart Poettering
2015-10-27util-lib: move /proc/cmdline parsing code to proc-cmdline.[ch]Lennart Poettering
2015-10-27src/basic: rename audit.[ch] → audit-util.[ch] and capability.[ch] → ↵Lennart Poettering
capability-util.[ch] The files are named too generically, so that they might conflict with the upstream project headers. Hence, let's add a "-util" suffix, to clarify that this are just our utility headers and not any official upstream headers.
2015-10-27util-lib: split out umask-related code to umask-util.hLennart Poettering
2015-10-27util-lib: move string table stuff into its own string-table.[ch]Lennart Poettering
2015-10-27util-lib: split stat()/statfs()/stavfs() related calls into stat-util.[ch]Lennart Poettering
2015-10-27util-lib: move a number of fs operations into fs-util.[ch]Lennart Poettering
2015-10-27util-lib: split out file attribute calls to chattr-util.[ch]Lennart Poettering
2015-10-27util-lib: split xattr-related calls into xattr-util.[ch]Lennart Poettering