Age | Commit message (Collapse) | Author |
|
sd-boot: put hashed kernel command line in a PCR of the TPM
|
|
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.
Because manually added LoadOptions are not taken into account, these
should be recorded also.
This patch logs and extends a TPM PCR register with the LoadOptions.
This feature can be enabled with configure --enable-tpm
The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
|
|
|
|
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system
user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump
was created under.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
|
|
Fixes #2567
|
|
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.
[
@zonque:
* rebased to current master
* use AC_CHECK_DECLS to detect availibility of char{16,32}_t
* make utf8_encoded_to_unichar() return int
]
|
|
This is purely for developer convenience: building man pages is slow
so people tend to disable them when not working on documentation. But
sometimes it is useful to build the man page to look something up,
especially when working on an older machine which has outdated
documentation, or to test some change to documentation. The rules to build
man pages are now outside of the ENABLE_MANPAGES conditional, but they
are not used unless manually invoked, and only the inclusion of man
pages in build and install targets is affected by the conditional.
Also, more generated files are removed in clean, which seems to be
good thing, and Makefile.am is simplified.
|
|
|
|
Fixes:
$ ./configure ... --enable-smack
$ make src/core/load-fragment-gperf.c
$ grep -i smack src/core/load-fragment-gperf.c
{"Swap.SmackProcessLabel", config_parse_warn_compat, DISABLED_CONFIGURATION, 0},
...
should be
{"Swap.SmackProcessLabel", config_parse_exec_smack_process_label, 0, offsetof(Swap, exec_context)},
...
|
|
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
|
|
Third DNSSEC patch series
|
|
Hence, pull in this library too, if we need libgcrypt.
|
|
Fixes:
$ ./configure ... --disable-microhttpd --enable-libcurl
--enable-sysusers
$ make && make install DESTDIR=$(pwd)/INST
$ ls INST/usr/lib/sysusers.d/
basic.conf systemd.conf
There is no a file with `systemd-journald-upload`
|
|
Prepare for v228 release and bump version numbers.
|
|
util-linux 2.27.1's configure.ac still claims to be 2.27.0, which breaks our
version check. Lower it back to 2.27.0 until util-linux gets a fixed tarball.
See #1754
|
|
util-linux 2.27.1 now entirely stops looking at /etc/mtab, so we don't need to
verify /etc/mtab during early boot any more. Later on, tmpfiles.d/etc.conf will
fix /etc/mtab anyway, so there's not even a point in warning about it.
Drop test_mtab() and bump the util-linux dependency to >= 2.17.1.
Fixes #1495
|
|
Using lz4 frame api for coredump files
|
|
--enable-lz4 can be used to force lz4 requirement,
--disable-lz4 can be used to skip lz4 support even if available.
Also, make surrounding checks for bzip2, xz, and zlib similar in structure.
This fixes the check for requested but missing bzip2.
|
|
Not everything needs to link to libdl. dlopen+dlsym are used only by
libnss_resolve.
|
|
The intent of the assignments around the check for libcap was obviously
to avoid polluting LIBS. To work properly, LIBS must be restored from
the save_LIBS variable.
The practical effect is small though, because pretty much everything
links with libbasic, which links with CAP_LIBS.
|
|
We have two AC_CHECK_LIB checks for libdw. The first one has an empty
action-if-found, so it defaults to adding "-ldw" to LIBS. LIBS are
applied to everything we build. But only systemd-coredump needs libdw.
It already links to ELFUTILS_LIBS correctly in Makefile.am.
Drop the first AC_CHECK_LIB check. The second check is sufficient.
Q: Don't we already use "-Wl,--as-needed" to eliminate overlinking?
A: We do, but it is effective only for executables, not for shared
libraries. This is due to a libtool bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=347650
|
|
Only check for xsltproc if it will be used.
If not found, complain.
https://github.com/systemd/systemd/issues/1521
|
|
The new frame api was released in v. 125.
|
|
|
|
This adds support for caching harddisk passwords in the kernel keyring
if it is available, thus supporting caching without Plymouth being
around.
This is also useful for hooking up "gdm-auto-login" with the collected
boot-time harddisk password, in order to support gnome keyring
passphrase unlocking via the HDD password, if it is the same.
Any passwords added to the kernel keyring this way have a timeout of
2.5min at which time they are purged from the kernel.
|
|
|
|
build-sys: only use AM_PATH_LIBGCRYPT macro if it exists
|
|
If gcrypt's m4 macro files aren't installed, with this change, gcrypt
will be disabled --- unless gcrypt support was explicitly requested by
passing --enable-gcrypt to configure, in which case it will fail.
Without this change, autoconf would fail either way with not being able
to resolve AM_PATH_LIBGCRYPT.
|
|
What is the rationale to have AC_FUNC_MALLOC? It does not actually
abort the configure run if an "unsuitable" malloc was found, and
instead just replaces malloc by rpl_malloc, for which systemd however
has no definition, either.
Remove the call.
|
|
gcc versions 4.6 and earlier used to complain when a local variable
shadows a global function, 4.7 and above only complain if a local
variable shadows a global variable.
Fix this by checking whether gcc 4.7+ behavior is in place before
deciding to use -Werror=shadow in $(CFLAGS), by using a custom test
program source that shadows a global function with a local variable and
confirming that -Werror=shadow does not make the compile to break.
Tested:
- On gcc 4.7 and 4.8, confirmed nothing changed (other than the order of
the -Werror=shadow argument, going to the end of CFLAGS.)
- On gcc 4.6, confirmed by looking at the config.log output that the
check for -Werror=shadow failed and it was not included in CFLAGS.
- Ran `make V=1` to confirm -Werror=shadow was still in use, introduced
a bogus shadowing issue and confirmed it was caught when building with
a recent gcc.
|
|
The current implementation directly monitor /proc/self/mountinfo and
/run/mount/utab files. It's really not optimal because utab file is
private libmount stuff without any official guaranteed semantic.
The libmount since v2.26 provides API to monitor mount kernel &
userspace changes and since v2.27 the monitor is usable for
non-root users too.
This patch replaces the current implementation with libmount based
solution.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
|
|
Bump version info and update NEWS for the upcoming release.
|
|
We no longer use sphinx as part of the build process so remove it from
the configure summary as well.
This is a leftover from commit 2799e519cabb6dfa99341b9a56ebd4dc2a4ec22a.
|
|
If we don't look for them, LT_INIT will and default to the unprefixed
tools.
Apparently clang doesn't like the wrappers being used. Should fix #1077.
|
|
|
|
This way it is more readable in a wall of configure output.
|
|
./configure --with-bashcompletiondir=no or --without-bashcompletiondir
now works as expected. Similarly for zsh.
https://github.com/systemd/systemd/issues/533
|
|
Prepare for bug-fix release and bump versions.
|
|
AC_CHECK_FILE fails when cross-compiling. It is intended to be used to
check for files that are used at runtime during build time (e.g.
/etc/passwd, /dev/*) [1]. For files which are only used at build time
'test -f' is sufficient.
[1]: https://lists.gnu.org/archive/html/autoconf/2000-10/msg00018.html
|
|
Bump version to 223 and increase libsystemd libtool-info as we added a
structure-member (without increasing structure size) to sd-bus-vtable.
|
|
This drops the libsystemd-terminal and systemd-consoled code for various
reasons:
* It's been sitting there unfinished for over a year now and won't get
finished any time soon.
* Since its initial creation, several parts need significant rework: The
input handling should be replaced with the now commonly used libinput,
the drm accessors should coordinate the handling of mode-object
hotplugging (including split connectors) with other DRM users, and the
internal library users should be converted to sd-device and friends.
* There is still significant kernel work required before sd-console is
really useful. This includes, but is not limited to, simpledrm and
drmlog.
* The authority daemon is needed before all this code can be used for
real. And this will definitely take a lot more time to get done as
no-one else is currently working on this, but me.
* kdbus maintenance has taken up way more time than I thought and it has
much higher priority. I don't see me spending much time on the
terminal code in the near future.
If anyone intends to hack on this, please feel free to contact me. I'll
gladly help you out with any issues. Once kdbus and authorityd are
finished (whenever that will be..) I'll definitely pick this up again. But
until then, lets reduce compile times and maintenance efforts on this code
and drop it for now.
|
|
networkd: add bridge link properties
|
|
build-sys: Use slim LTO objects if possible
|
|
|
|
|
|
|
|
While 235c6e6 gets LTO builds running again, it goes back to using fat
LTO objects instead of using gcc-{ar,nm,ranlib}. Building these fat
objects takes significantly more time.
Use the suggested solution and look for gcc-{ar,nm,ranlib}, which launch
the binutils tools with the appropriate --plugin parameter. GCC versions
that do not ship these should either default to -ffat-lto-objects or do
not support LTO at all.
On another note, nm from binutils 2.25 seems to be smart enough to load
the LTO plugin when needed without having to specify --plugin.
|
|
systemd
Also, explain the situation in the docs.
Relates to #437
|
|
Remove python-systemd
|