platform/upstream/systemd.git
12 years agojournal: include machine ID in QR code
Lennart Poettering [Mon, 20 Aug 2012 20:11:38 +0000 (22:11 +0200)]
journal: include machine ID in QR code

12 years agojournalctl: output FSS key as QR code on generating
Lennart Poettering [Mon, 20 Aug 2012 20:02:19 +0000 (22:02 +0200)]
journalctl: output FSS key as QR code on generating

12 years agojournal: add missing endianess conversion
Lennart Poettering [Mon, 20 Aug 2012 17:21:19 +0000 (19:21 +0200)]
journal: add missing endianess conversion

12 years agojournal: make libgcrypt dependency optional
Lennart Poettering [Mon, 20 Aug 2012 14:51:46 +0000 (16:51 +0200)]
journal: make libgcrypt dependency optional

12 years agojournal: use a macro to check for file header flags
Lennart Poettering [Mon, 20 Aug 2012 14:11:42 +0000 (16:11 +0200)]
journal: use a macro to check for file header flags

12 years agojournal: fix tag ordering check
Lennart Poettering [Mon, 20 Aug 2012 13:59:33 +0000 (15:59 +0200)]
journal: fix tag ordering check

12 years agojournal: fix bisection algorithm
Lennart Poettering [Sun, 19 Aug 2012 13:16:32 +0000 (15:16 +0200)]
journal: fix bisection algorithm

12 years agojournal: validate timestamps as well
Lennart Poettering [Sun, 19 Aug 2012 13:15:59 +0000 (15:15 +0200)]
journal: validate timestamps as well

12 years agommap: resize arrays dynamically
Lennart Poettering [Fri, 17 Aug 2012 23:46:20 +0000 (01:46 +0200)]
mmap: resize arrays dynamically

12 years agojournal: even more simple static object tests
Lennart Poettering [Fri, 17 Aug 2012 23:45:39 +0000 (01:45 +0200)]
journal: even more simple static object tests

12 years agojournal: refuse verification of files with unknown flags
Lennart Poettering [Fri, 17 Aug 2012 22:40:48 +0000 (00:40 +0200)]
journal: refuse verification of files with unknown flags

12 years agojounral: write bit fiddling test
Lennart Poettering [Fri, 17 Aug 2012 22:40:03 +0000 (00:40 +0200)]
jounral: write bit fiddling test

This test goes through every single bit in a journal file, toggles it,
and checks if this change is detected by the verification.

12 years agojournal: fix verification without key
Lennart Poettering [Fri, 17 Aug 2012 22:38:57 +0000 (00:38 +0200)]
journal: fix verification without key

12 years agojournald: add additional simple static tests to verifier
Lennart Poettering [Fri, 17 Aug 2012 22:37:21 +0000 (00:37 +0200)]
journald: add additional simple static tests to verifier

12 years agojournal: be fine with opening rotated/corrupted journal files
Lennart Poettering [Fri, 17 Aug 2012 20:10:36 +0000 (22:10 +0200)]
journal: be fine with opening rotated/corrupted journal files

12 years agojournal: set secure deletion flags for FSS file
Lennart Poettering [Fri, 17 Aug 2012 20:10:11 +0000 (22:10 +0200)]
journal: set secure deletion flags for FSS file

12 years agojournal: after verification output validated time range
Lennart Poettering [Fri, 17 Aug 2012 01:30:22 +0000 (03:30 +0200)]
journal: after verification output validated time range

12 years agojournal: reword verification messages a bit
Lennart Poettering [Fri, 17 Aug 2012 01:01:07 +0000 (03:01 +0200)]
journal: reword verification messages a bit

12 years agojournal: ensure that entries and tags are properly ordered
Lennart Poettering [Fri, 17 Aug 2012 01:00:09 +0000 (03:00 +0200)]
journal: ensure that entries and tags are properly ordered

12 years agojournal: show new header fields in header dump
Lennart Poettering [Fri, 17 Aug 2012 00:29:20 +0000 (02:29 +0200)]
journal: show new header fields in header dump

12 years agojournal: don't write tag objects if nothing has been written since the last time
Lennart Poettering [Thu, 16 Aug 2012 23:19:32 +0000 (01:19 +0200)]
journal: don't write tag objects if nothing has been written since the last time

12 years agoman: add man pages for new FSS stuff
Lennart Poettering [Thu, 16 Aug 2012 23:09:43 +0000 (01:09 +0200)]
man: add man pages for new FSS stuff

12 years agojournal: rework terminology
Lennart Poettering [Thu, 16 Aug 2012 22:45:18 +0000 (00:45 +0200)]
journal: rework terminology

Let's clean up our terminology a bit. New terminology:

FSS = Forward Secure Sealing
FSPRG = Forward Secure Pseudo-Random Generator

FSS is the combination of FSPRG and a HMAC.

Sealing = process of adding authentication tags to the journal.
Verification = process of checking authentication tags to the journal.

Sealing Key = The key used for adding authentication tags to the journal.
Verification Key = The key used for checking authentication tags of the journal.
Key pair = The pair of Sealing Key and Verification Key

Internally, the Sealing Key is the combination of the FSPRG State plus
change interval/start time.

Internally, the Verification Key is the combination of the FSPRG Seed
plus change interval/start time.

12 years agojournal: add FSPRG journal authentication
Lennart Poettering [Thu, 16 Aug 2012 21:58:14 +0000 (23:58 +0200)]
journal: add FSPRG journal authentication

12 years agojournal: fix tag sequence number verification
Lennart Poettering [Thu, 16 Aug 2012 19:22:11 +0000 (21:22 +0200)]
journal: fix tag sequence number verification

12 years agojournalctl: immeidately terminate on invalid seed
Lennart Poettering [Thu, 16 Aug 2012 19:00:34 +0000 (21:00 +0200)]
journalctl: immeidately terminate on invalid seed

12 years agojournal: parse fsprg seed
Lennart Poettering [Thu, 16 Aug 2012 18:51:43 +0000 (20:51 +0200)]
journal: parse fsprg seed

12 years agojournal: count number of entry arrays in header
Lennart Poettering [Thu, 16 Aug 2012 18:51:24 +0000 (20:51 +0200)]
journal: count number of entry arrays in header

12 years agokeymap: fix map name reference
Kay Sievers [Thu, 16 Aug 2012 19:00:06 +0000 (21:00 +0200)]
keymap: fix map name reference

12 years agojournal: rename 'mmap' to 'mmap_cache' to appease gcc
Zbigniew Jędrzejewski-Szmek [Thu, 16 Aug 2012 17:30:36 +0000 (19:30 +0200)]
journal: rename 'mmap' to 'mmap_cache' to appease gcc

warning: declaration of 'mmap' shadows a global declaration [-Wshadow]

12 years agojournal: fix variable initialization
Lennart Poettering [Thu, 16 Aug 2012 15:39:00 +0000 (17:39 +0200)]
journal: fix variable initialization

12 years agojournal: fix unitialized var
Lennart Poettering [Thu, 16 Aug 2012 15:22:58 +0000 (17:22 +0200)]
journal: fix unitialized var

12 years agojournal: journal-send.h doesn't actually exist
Lennart Poettering [Thu, 16 Aug 2012 15:19:47 +0000 (17:19 +0200)]
journal: journal-send.h doesn't actually exist

12 years agojournal: verify structural consistency
Lennart Poettering [Thu, 16 Aug 2012 15:09:53 +0000 (17:09 +0200)]
journal: verify structural consistency

12 years agojournal: add color to verification progress bar
Lennart Poettering [Thu, 16 Aug 2012 01:45:10 +0000 (03:45 +0200)]
journal: add color to verification progress bar

12 years agojournal: verify compressed objects
Lennart Poettering [Thu, 16 Aug 2012 01:43:07 +0000 (03:43 +0200)]
journal: verify compressed objects

12 years agojournalctl: add --verify-seed= switch to specify seed value
Lennart Poettering [Thu, 16 Aug 2012 00:14:34 +0000 (02:14 +0200)]
journalctl: add --verify-seed= switch to specify seed value

12 years agojournal: verify hashes only during actual verification, not all the time
Lennart Poettering [Wed, 15 Aug 2012 23:59:25 +0000 (01:59 +0200)]
journal: verify hashes only during actual verification, not all the time

12 years agojournal: split up journal-file.c
Lennart Poettering [Wed, 15 Aug 2012 23:51:54 +0000 (01:51 +0200)]
journal: split up journal-file.c

12 years agojournal: add superficial structure verifier
Lennart Poettering [Wed, 15 Aug 2012 23:20:32 +0000 (01:20 +0200)]
journal: add superficial structure verifier

12 years agojournal: implement basic journal file verification logic
Lennart Poettering [Tue, 14 Aug 2012 23:54:09 +0000 (01:54 +0200)]
journal: implement basic journal file verification logic

12 years agoconf-parser: make parsing exit status lists non-fatal
Lennart Poettering [Tue, 14 Aug 2012 20:04:11 +0000 (22:04 +0200)]
conf-parser: make parsing exit status lists non-fatal

12 years agojournal: implement generic sharable mmap caching logic
Lennart Poettering [Tue, 14 Aug 2012 20:02:24 +0000 (22:02 +0200)]
journal: implement generic sharable mmap caching logic

instead of having one simple per-file cache implement an more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.

12 years agokeymap: Add Sony VGN
Martin Pitt [Wed, 15 Aug 2012 06:46:03 +0000 (08:46 +0200)]
keymap: Add Sony VGN

https://launchpad.net/bugs/939868

12 years agoconf-parser: simplify a few things by using set_ensure_allocated() rather than set_new()
Lennart Poettering [Tue, 14 Aug 2012 16:42:26 +0000 (18:42 +0200)]
conf-parser: simplify a few things by using set_ensure_allocated() rather than set_new()

12 years agoman: extend documentation for RestartPreventExitStatus= and SuccessExitStatus= a bit
Lennart Poettering [Tue, 14 Aug 2012 16:37:45 +0000 (18:37 +0200)]
man: extend documentation for RestartPreventExitStatus= and SuccessExitStatus= a bit

12 years agoservice: add options RestartPreventExitStatus and SuccessExitStatus
Lukas Nykryn [Mon, 13 Aug 2012 11:58:01 +0000 (13:58 +0200)]
service: add options RestartPreventExitStatus and SuccessExitStatus

In some cases, like wrong configuration, restarting after error
does not help, so administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.

Sometimes you have non-standart exit status, so this can be specified
by SuccessfulExitStatus.

12 years agojournal: include tag object header in hmac
Lennart Poettering [Mon, 13 Aug 2012 19:52:58 +0000 (21:52 +0200)]
journal: include tag object header in hmac

12 years agojournal: add all objects we add to HMAC
Lennart Poettering [Mon, 13 Aug 2012 18:57:38 +0000 (20:57 +0200)]
journal: add all objects we add to HMAC

12 years agojournald: initial version of FSPRG hookup
Lennart Poettering [Mon, 13 Aug 2012 18:31:10 +0000 (20:31 +0200)]
journald: initial version of FSPRG hookup

This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files,
Verification of journal files will be added in a later patch.

12 years agoumount: MS_MGC_VAL is so 90s
Lennart Poettering [Mon, 13 Aug 2012 14:30:10 +0000 (16:30 +0200)]
umount: MS_MGC_VAL is so 90s

12 years agoupdate TODO
Lennart Poettering [Mon, 13 Aug 2012 14:27:17 +0000 (16:27 +0200)]
update TODO

12 years agonspawn,namespaces: make sure we recursively bind mount things in
Lennart Poettering [Mon, 13 Aug 2012 14:25:03 +0000 (16:25 +0200)]
nspawn,namespaces: make sure we recursively bind mount things in

We want to make sure that everything from the host is also visible in
the sandbox.

12 years agomachine-id: properly mount transient machine ID read-only
Lennart Poettering [Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)]
machine-id: properly mount transient machine ID read-only

12 years agonspawn: unset a few unnecessary params to mount()
Lennart Poettering [Mon, 13 Aug 2012 14:23:31 +0000 (16:23 +0200)]
nspawn: unset a few unnecessary params to mount()

12 years agoupdate TODO
Lennart Poettering [Mon, 13 Aug 2012 13:39:25 +0000 (15:39 +0200)]
update TODO

12 years agonamespace: rework namespace support
Lennart Poettering [Mon, 13 Aug 2012 13:27:04 +0000 (15:27 +0200)]
namespace: rework namespace support

- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
  right behaviour when people want writable mounts inside of
  read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel

12 years agonspawn: inherit mounts from real root, don't propagate mounts to real root
Lennart Poettering [Mon, 13 Aug 2012 13:23:10 +0000 (15:23 +0200)]
nspawn: inherit mounts from real root, don't propagate mounts to real root

12 years agoswitch-root: remount to MS_PRIVATE
Lennart Poettering [Sat, 11 Aug 2012 23:29:41 +0000 (01:29 +0200)]
switch-root: remount to MS_PRIVATE

The kernel does not allow switching roots if things are mounted
MS_SHARED. As a work-around, remount things MS_PRIVATE before switching
roots.

This should be fixed in the kernel for good.

https://bugzilla.redhat.com/show_bug.cgi?id=847418

12 years agoudev: export udev_device_new_from_device_id()
Kay Sievers [Fri, 10 Aug 2012 17:56:57 +0000 (19:56 +0200)]
udev: export udev_device_new_from_device_id()

12 years agosystemctl: fix issue with systemctl daemon-reexec
Simon Peeters [Fri, 10 Aug 2012 15:32:19 +0000 (17:32 +0200)]
systemctl: fix issue with systemctl daemon-reexec

12 years agoshared/utf8: mark char* as const
Dave Reisner [Fri, 10 Aug 2012 15:02:04 +0000 (11:02 -0400)]
shared/utf8: mark char* as const

Avoids compiler warning:

  src/shared/utf8.c: In function 'ascii_filter':
  src/shared/utf8.c:278:16: warning: assignment discards 'const' qualifier
      from pointer target type [enabled by default]

12 years agoshutdown: recursively mark root as private before pivot
Dave Reisner [Fri, 10 Aug 2012 15:02:03 +0000 (11:02 -0400)]
shutdown: recursively mark root as private before pivot

Because root is now recursively marked as shared on bootup, we need to
recursively mark root as private. This prevents a pivot_root failure on
shutdown:

  Cannot finalize remaining file systems and devices, giving up.
  pivot failed: Invalid argument

12 years agoid128: don't use C99 bool in public headers
Lennart Poettering [Fri, 10 Aug 2012 15:58:46 +0000 (17:58 +0200)]
id128: don't use C99 bool in public headers

12 years agojournald: never read the same kernel msg twice, and generate message when we lose one
Lennart Poettering [Thu, 9 Aug 2012 15:52:05 +0000 (17:52 +0200)]
journald: never read the same kernel msg twice, and generate message when we lose one

12 years agoupdate TODO
Lennart Poettering [Thu, 9 Aug 2012 15:25:22 +0000 (17:25 +0200)]
update TODO

12 years agoman: document kernel journal fields
Lennart Poettering [Thu, 9 Aug 2012 15:12:07 +0000 (17:12 +0200)]
man: document kernel journal fields

12 years agojournalctl: support device node matches as shortcut
Lennart Poettering [Thu, 9 Aug 2012 15:05:29 +0000 (17:05 +0200)]
journalctl: support device node matches as shortcut

12 years agojournald: properly unescape messages from /dev/kmsg
Lennart Poettering [Thu, 9 Aug 2012 14:49:28 +0000 (16:49 +0200)]
journald: properly unescape messages from /dev/kmsg

12 years agojournald: also parse kernel key/value fields and store them prefixed with _KERNEL_...
Lennart Poettering [Thu, 9 Aug 2012 14:29:16 +0000 (16:29 +0200)]
journald: also parse kernel key/value fields and store them prefixed with _KERNEL_ as journal fields

12 years agojournald: basic support for /dev/kmsg parsing
Lennart Poettering [Thu, 9 Aug 2012 13:57:24 +0000 (15:57 +0200)]
journald: basic support for /dev/kmsg parsing

12 years agoman: clarify the order of seats in sd_get_seats() is undefined
Lennart Poettering [Thu, 9 Aug 2012 13:57:01 +0000 (15:57 +0200)]
man: clarify the order of seats in sd_get_seats() is undefined

12 years agoupdate mailmap
Lennart Poettering [Thu, 9 Aug 2012 10:52:49 +0000 (12:52 +0200)]
update mailmap

12 years agobuild-sys: use more generic regular expression to generate syscall-list.txt correctly
Huang Hang [Thu, 9 Aug 2012 03:22:08 +0000 (11:22 +0800)]
build-sys: use more generic regular expression to generate syscall-list.txt correctly

Currently MIPS and ARM define syscall numbers for multiple ABI in one
<asm/unistd.h>. The #define statments for each syscall are formated as:

 #define __NR_scname (BASE_OFFSET + sc_number)

Thus we need a more generic regular expression to match these in awk.

12 years agoupdate TODO
Lennart Poettering [Thu, 9 Aug 2012 00:10:44 +0000 (02:10 +0200)]
update TODO

12 years agofix a couple of issues found with llvm-analyze
Lennart Poettering [Wed, 8 Aug 2012 21:54:21 +0000 (23:54 +0200)]
fix a couple of issues found with llvm-analyze

12 years agobuild-sys: prepare release 188 v188
Lennart Poettering [Wed, 8 Aug 2012 19:49:01 +0000 (21:49 +0200)]
build-sys: prepare release 188

12 years agoupdate TODO
Lennart Poettering [Wed, 8 Aug 2012 17:30:18 +0000 (19:30 +0200)]
update TODO

12 years agobuild-sys: add CFLAGS to CPP calls
Peter Alfredsen [Wed, 8 Aug 2012 19:33:42 +0000 (21:33 +0200)]
build-sys: add CFLAGS to CPP calls

It changes the defines WORDSIZE and __I386, CFLAGS=-m32.

12 years agobuild-sys: really override CFLAGS for gtk-doc
Zbigniew Jędrzejewski-Szmek [Wed, 8 Aug 2012 17:00:35 +0000 (19:00 +0200)]
build-sys: really override CFLAGS for gtk-doc

In 29a00c41 an override was added, but commandline variables have
higher precedence than Makefile variables, so the override was not
effective for commandline variables.

While at it, duplicate for libudev.

12 years agoupdate TODO
Lennart Poettering [Wed, 8 Aug 2012 17:19:45 +0000 (19:19 +0200)]
update TODO

12 years agoupdate TODO
Lennart Poettering [Wed, 8 Aug 2012 17:09:59 +0000 (19:09 +0200)]
update TODO

12 years agoMerge remote-tracking branch 'simonpe/cleanup'
Lennart Poettering [Wed, 8 Aug 2012 16:44:15 +0000 (18:44 +0200)]
Merge remote-tracking branch 'simonpe/cleanup'

12 years agoupdate TODO
Lennart Poettering [Wed, 8 Aug 2012 16:10:35 +0000 (18:10 +0200)]
update TODO

12 years agoudev: fix typo in copyright
Kay Sievers [Wed, 8 Aug 2012 16:24:50 +0000 (18:24 +0200)]
udev: fix typo in copyright

12 years agogudev: docs - work around the broken gtk-doc mess
Kay Sievers [Wed, 8 Aug 2012 16:16:50 +0000 (18:16 +0200)]
gudev: docs - work around the broken gtk-doc mess

gtk-doc add CFLAGS/LDFLAGS multiple times to the gcc command line,
which breaks options that must be listed only once.

For now, clear CFLAGS/LDFLAGS for the intermediate documentation
binary.

12 years agosystemd: introduced new timeout types
Michal Sekletar [Tue, 7 Aug 2012 12:41:48 +0000 (14:41 +0200)]
systemd: introduced new timeout types

Makes possible to specify separate timeout for start and stop of
the service.

[ Improved the manpage. Coding style fix. -- michich ]

12 years agologind: use bus_method_call_with_reply() where posible
Simon Peeters [Wed, 8 Aug 2012 15:20:04 +0000 (17:20 +0200)]
logind: use bus_method_call_with_reply() where posible

12 years agoupdate-utmp: use bus_method_call_with_reply() where posible
Simon Peeters [Wed, 8 Aug 2012 15:19:30 +0000 (17:19 +0200)]
update-utmp: use bus_method_call_with_reply() where posible

12 years agoudev: re-initialize builtins in the daemon process, not in the worker
Kay Sievers [Wed, 8 Aug 2012 14:27:11 +0000 (16:27 +0200)]
udev: re-initialize builtins in the daemon process, not in the worker

12 years agoudev: initialize rules dir timestamps when reading rules
Kay Sievers [Wed, 8 Aug 2012 12:45:16 +0000 (14:45 +0200)]
udev: initialize rules dir timestamps when reading rules

On Wed, Aug 8, 2012 at 11:48 AM, Michael Schroeder <mls@suse.de> wrote:
> if rules are installed in the first 3 seconds after the udev start,
> the stamps will all be zero, so the [first] call to check_rules_timestamp()
> will just copy the current mtime [and not cause a rules re-load].

12 years agologinctl: use bus_method_call_with_reply() where posible
Simon Peeters [Wed, 8 Aug 2012 12:38:05 +0000 (14:38 +0200)]
loginctl: use bus_method_call_with_reply() where posible

12 years agoautogen.sh: disable _FORTIFY_SOURCE, we want -O0, which is incompatible
Kay Sievers [Wed, 8 Aug 2012 11:16:57 +0000 (13:16 +0200)]
autogen.sh: disable _FORTIFY_SOURCE, we want -O0, which is incompatible

12 years agobuild-sys: link internal selinux lib to systemd-remount-fs
Kay Sievers [Wed, 8 Aug 2012 10:28:45 +0000 (12:28 +0200)]
build-sys: link internal selinux lib to systemd-remount-fs

12 years agobuild-sys: pass param to stack protector
Lennart Poettering [Wed, 8 Aug 2012 10:26:53 +0000 (12:26 +0200)]
build-sys: pass param to stack protector

12 years agobuild-sys: drop obsolete gcc switch
Lennart Poettering [Wed, 8 Aug 2012 10:26:41 +0000 (12:26 +0200)]
build-sys: drop obsolete gcc switch

12 years agobuild-sys: typo fix
Lennart Poettering [Wed, 8 Aug 2012 10:26:27 +0000 (12:26 +0200)]
build-sys: typo fix

12 years agoTODO: misleading socket warning
Kay Sievers [Wed, 8 Aug 2012 10:09:33 +0000 (12:09 +0200)]
TODO: misleading socket warning

12 years agobuild-sys: enable a couple of security features
Lennart Poettering [Wed, 8 Aug 2012 10:03:34 +0000 (12:03 +0200)]
build-sys: enable a couple of security features

Most distributions enable these downstream anyway, but it probably makes
sense to enable them unconditionally upstream too.

12 years agomove bus_method_call_with_reply() to dbus-common
Simon Peeters [Wed, 8 Aug 2012 00:04:40 +0000 (02:04 +0200)]
move bus_method_call_with_reply() to dbus-common