Lennart Poettering [Mon, 20 Aug 2012 20:11:38 +0000 (22:11 +0200)]
journal: include machine ID in QR code
Lennart Poettering [Mon, 20 Aug 2012 20:02:19 +0000 (22:02 +0200)]
journalctl: output FSS key as QR code on generating
Lennart Poettering [Mon, 20 Aug 2012 17:21:19 +0000 (19:21 +0200)]
journal: add missing endianness conversion
Lennart Poettering [Mon, 20 Aug 2012 14:51:46 +0000 (16:51 +0200)]
journal: make libgcrypt dependency optional
Lennart Poettering [Mon, 20 Aug 2012 14:11:42 +0000 (16:11 +0200)]
journal: use a macro to check for file header flags
Lennart Poettering [Mon, 20 Aug 2012 13:59:33 +0000 (15:59 +0200)]
journal: fix tag ordering check
Lennart Poettering [Sun, 19 Aug 2012 13:16:32 +0000 (15:16 +0200)]
journal: fix bisection algorithm
Lennart Poettering [Sun, 19 Aug 2012 13:15:59 +0000 (15:15 +0200)]
journal: validate timestamps as well
Lennart Poettering [Fri, 17 Aug 2012 23:46:20 +0000 (01:46 +0200)]
mmap: resize arrays dynamically
Lennart Poettering [Fri, 17 Aug 2012 23:45:39 +0000 (01:45 +0200)]
journal: even more simple static object tests
Lennart Poettering [Fri, 17 Aug 2012 22:40:48 +0000 (00:40 +0200)]
journal: refuse verification of files with unknown flags
Lennart Poettering [Fri, 17 Aug 2012 22:40:03 +0000 (00:40 +0200)]
journal: write bit fiddling test
This test goes through every single bit in a journal file, toggles it,
and checks if this change is detected by the verification.
Lennart Poettering [Fri, 17 Aug 2012 22:38:57 +0000 (00:38 +0200)]
journal: fix verification without key
Lennart Poettering [Fri, 17 Aug 2012 22:37:21 +0000 (00:37 +0200)]
journald: add additional simple static tests to verifier
Lennart Poettering [Fri, 17 Aug 2012 20:10:36 +0000 (22:10 +0200)]
journal: be fine with opening rotated/corrupted journal files
Lennart Poettering [Fri, 17 Aug 2012 20:10:11 +0000 (22:10 +0200)]
journal: set secure deletion flags for FSS file
Lennart Poettering [Fri, 17 Aug 2012 01:30:22 +0000 (03:30 +0200)]
journal: after verification output validated time range
Lennart Poettering [Fri, 17 Aug 2012 01:01:07 +0000 (03:01 +0200)]
journal: reword verification messages a bit
Lennart Poettering [Fri, 17 Aug 2012 01:00:09 +0000 (03:00 +0200)]
journal: ensure that entries and tags are properly ordered
Lennart Poettering [Fri, 17 Aug 2012 00:29:20 +0000 (02:29 +0200)]
journal: show new header fields in header dump
Lennart Poettering [Thu, 16 Aug 2012 23:19:32 +0000 (01:19 +0200)]
journal: don't write tag objects if nothing has been written since the last time
Lennart Poettering [Thu, 16 Aug 2012 23:09:43 +0000 (01:09 +0200)]
man: add man pages for new FSS stuff
Lennart Poettering [Thu, 16 Aug 2012 22:45:18 +0000 (00:45 +0200)]
journal: rework terminology
Let's clean up our terminology a bit. New terminology:
FSS = Forward Secure Sealing
FSPRG = Forward Secure Pseudo-Random Generator
FSS is the combination of FSPRG and a HMAC.
Sealing = process of adding authentication tags to the journal.
Verification = process of checking authentication tags of the journal.
Sealing Key = The key used for adding authentication tags to the journal.
Verification Key = The key used for checking authentication tags of the journal.
Key pair = The pair of Sealing Key and Verification Key
Internally, the Sealing Key is the combination of the FSPRG State plus
change interval/start time.
Internally, the Verification Key is the combination of the FSPRG Seed
plus change interval/start time.
Lennart Poettering [Thu, 16 Aug 2012 21:58:14 +0000 (23:58 +0200)]
journal: add FSPRG journal authentication
Lennart Poettering [Thu, 16 Aug 2012 19:22:11 +0000 (21:22 +0200)]
journal: fix tag sequence number verification
Lennart Poettering [Thu, 16 Aug 2012 19:00:34 +0000 (21:00 +0200)]
journalctl: immediately terminate on invalid seed
Lennart Poettering [Thu, 16 Aug 2012 18:51:43 +0000 (20:51 +0200)]
journal: parse fsprg seed
Lennart Poettering [Thu, 16 Aug 2012 18:51:24 +0000 (20:51 +0200)]
journal: count number of entry arrays in header
Kay Sievers [Thu, 16 Aug 2012 19:00:06 +0000 (21:00 +0200)]
keymap: fix map name reference
Zbigniew Jędrzejewski-Szmek [Thu, 16 Aug 2012 17:30:36 +0000 (19:30 +0200)]
journal: rename 'mmap' to 'mmap_cache' to appease gcc
warning: declaration of 'mmap' shadows a global declaration [-Wshadow]
Lennart Poettering [Thu, 16 Aug 2012 15:39:00 +0000 (17:39 +0200)]
journal: fix variable initialization
Lennart Poettering [Thu, 16 Aug 2012 15:22:58 +0000 (17:22 +0200)]
journal: fix uninitialized var
Lennart Poettering [Thu, 16 Aug 2012 15:19:47 +0000 (17:19 +0200)]
journal: journal-send.h doesn't actually exist
Lennart Poettering [Thu, 16 Aug 2012 15:09:53 +0000 (17:09 +0200)]
journal: verify structural consistency
Lennart Poettering [Thu, 16 Aug 2012 01:45:10 +0000 (03:45 +0200)]
journal: add color to verification progress bar
Lennart Poettering [Thu, 16 Aug 2012 01:43:07 +0000 (03:43 +0200)]
journal: verify compressed objects
Lennart Poettering [Thu, 16 Aug 2012 00:14:34 +0000 (02:14 +0200)]
journalctl: add --verify-seed= switch to specify seed value
Lennart Poettering [Wed, 15 Aug 2012 23:59:25 +0000 (01:59 +0200)]
journal: verify hashes only during actual verification, not all the time
Lennart Poettering [Wed, 15 Aug 2012 23:51:54 +0000 (01:51 +0200)]
journal: split up journal-file.c
Lennart Poettering [Wed, 15 Aug 2012 23:20:32 +0000 (01:20 +0200)]
journal: add superficial structure verifier
Lennart Poettering [Tue, 14 Aug 2012 23:54:09 +0000 (01:54 +0200)]
journal: implement basic journal file verification logic
Lennart Poettering [Tue, 14 Aug 2012 20:04:11 +0000 (22:04 +0200)]
conf-parser: make parsing exit status lists non-fatal
Lennart Poettering [Tue, 14 Aug 2012 20:02:24 +0000 (22:02 +0200)]
journal: implement generic sharable mmap caching logic
Instead of having one simple per-file cache, implement a more
comprehensive one that works for multiple files and can actually
maintain multiple maps per file and per object type.
Martin Pitt [Wed, 15 Aug 2012 06:46:03 +0000 (08:46 +0200)]
keymap: Add Sony VGN
https://launchpad.net/bugs/939868
Lennart Poettering [Tue, 14 Aug 2012 16:42:26 +0000 (18:42 +0200)]
conf-parser: simplify a few things by using set_ensure_allocated() rather than set_new()
Lennart Poettering [Tue, 14 Aug 2012 16:37:45 +0000 (18:37 +0200)]
man: extend documentation for RestartPreventExitStatus= and SuccessExitStatus= a bit
Lukas Nykryn [Mon, 13 Aug 2012 11:58:01 +0000 (13:58 +0200)]
service: add options RestartPreventExitStatus and SuccessExitStatus
In some cases, like wrong configuration, restarting after error
does not help, so the administrator can specify statuses by RestartPreventExitStatus
which will not cause restart of a service.
Sometimes you have a non-standard exit status, so this can be specified
by SuccessfulExitStatus.
Lennart Poettering [Mon, 13 Aug 2012 19:52:58 +0000 (21:52 +0200)]
journal: include tag object header in hmac
Lennart Poettering [Mon, 13 Aug 2012 18:57:38 +0000 (20:57 +0200)]
journal: add all objects we add to HMAC
Lennart Poettering [Mon, 13 Aug 2012 18:31:10 +0000 (20:31 +0200)]
journald: initial version of FSPRG hookup
This adds forward-secure authentication of journal files. This patch
includes key generation as well as tagging of journal files.
Verification of journal files will be added in a later patch.
Lennart Poettering [Mon, 13 Aug 2012 14:30:10 +0000 (16:30 +0200)]
umount: MS_MGC_VAL is so 90s
Lennart Poettering [Mon, 13 Aug 2012 14:27:17 +0000 (16:27 +0200)]
update TODO
Lennart Poettering [Mon, 13 Aug 2012 14:25:03 +0000 (16:25 +0200)]
nspawn,namespaces: make sure we recursively bind mount things in
We want to make sure that everything from the host is also visible in
the sandbox.
Lennart Poettering [Mon, 13 Aug 2012 14:24:30 +0000 (16:24 +0200)]
machine-id: properly mount transient machine ID read-only
Lennart Poettering [Mon, 13 Aug 2012 14:23:31 +0000 (16:23 +0200)]
nspawn: unset a few unnecessary params to mount()
Lennart Poettering [Mon, 13 Aug 2012 13:39:25 +0000 (15:39 +0200)]
update TODO
Lennart Poettering [Mon, 13 Aug 2012 13:27:04 +0000 (15:27 +0200)]
namespace: rework namespace support
- don't use pivot_root() anymore, just reuse root hierarchy
- first create all mounts, then mark them read-only so that we get the
right behaviour when people want writable mounts inside of
read-only mounts
- don't pass invalid combinations of MS_ constants to the kernel
Lennart Poettering [Mon, 13 Aug 2012 13:23:10 +0000 (15:23 +0200)]
nspawn: inherit mounts from real root, don't propagate mounts to real root
Lennart Poettering [Sat, 11 Aug 2012 23:29:41 +0000 (01:29 +0200)]
switch-root: remount to MS_PRIVATE
The kernel does not allow switching roots if things are mounted
MS_SHARED. As a work-around, remount things MS_PRIVATE before switching
roots.
This should be fixed in the kernel for good.
https://bugzilla.redhat.com/show_bug.cgi?id=847418
Kay Sievers [Fri, 10 Aug 2012 17:56:57 +0000 (19:56 +0200)]
udev: export udev_device_new_from_device_id()
Simon Peeters [Fri, 10 Aug 2012 15:32:19 +0000 (17:32 +0200)]
systemctl: fix issue with systemctl daemon-reexec
Dave Reisner [Fri, 10 Aug 2012 15:02:04 +0000 (11:02 -0400)]
shared/utf8: mark char* as const
Avoids compiler warning:
src/shared/utf8.c: In function 'ascii_filter':
src/shared/utf8.c:278:16: warning: assignment discards 'const' qualifier
from pointer target type [enabled by default]
Dave Reisner [Fri, 10 Aug 2012 15:02:03 +0000 (11:02 -0400)]
shutdown: recursively mark root as private before pivot
Because root is now recursively marked as shared on bootup, we need to
recursively mark root as private. This prevents a pivot_root failure on
shutdown:
Cannot finalize remaining file systems and devices, giving up.
pivot failed: Invalid argument
Lennart Poettering [Fri, 10 Aug 2012 15:58:46 +0000 (17:58 +0200)]
id128: don't use C99 bool in public headers
Lennart Poettering [Thu, 9 Aug 2012 15:52:05 +0000 (17:52 +0200)]
journald: never read the same kernel msg twice, and generate message when we lose one
Lennart Poettering [Thu, 9 Aug 2012 15:25:22 +0000 (17:25 +0200)]
update TODO
Lennart Poettering [Thu, 9 Aug 2012 15:12:07 +0000 (17:12 +0200)]
man: document kernel journal fields
Lennart Poettering [Thu, 9 Aug 2012 15:05:29 +0000 (17:05 +0200)]
journalctl: support device node matches as shortcut
Lennart Poettering [Thu, 9 Aug 2012 14:49:28 +0000 (16:49 +0200)]
journald: properly unescape messages from /dev/kmsg
Lennart Poettering [Thu, 9 Aug 2012 14:29:16 +0000 (16:29 +0200)]
journald: also parse kernel key/value fields and store them prefixed with _KERNEL_ as journal fields
Lennart Poettering [Thu, 9 Aug 2012 13:57:24 +0000 (15:57 +0200)]
journald: basic support for /dev/kmsg parsing
Lennart Poettering [Thu, 9 Aug 2012 13:57:01 +0000 (15:57 +0200)]
man: clarify the order of seats in sd_get_seats() is undefined
Lennart Poettering [Thu, 9 Aug 2012 10:52:49 +0000 (12:52 +0200)]
update mailmap
Huang Hang [Thu, 9 Aug 2012 03:22:08 +0000 (11:22 +0800)]
build-sys: use more generic regular expression to generate syscall-list.txt correctly
Currently MIPS and ARM define syscall numbers for multiple ABIs in one
<asm/unistd.h>. The #define statements for each syscall are formatted as:
#define __NR_scname (BASE_OFFSET + sc_number)
Thus we need a more generic regular expression to match these in awk.
Lennart Poettering [Thu, 9 Aug 2012 00:10:44 +0000 (02:10 +0200)]
update TODO
Lennart Poettering [Wed, 8 Aug 2012 21:54:21 +0000 (23:54 +0200)]
fix a couple of issues found with llvm-analyze
Lennart Poettering [Wed, 8 Aug 2012 19:49:01 +0000 (21:49 +0200)]
build-sys: prepare release 188
Lennart Poettering [Wed, 8 Aug 2012 17:30:18 +0000 (19:30 +0200)]
update TODO
Peter Alfredsen [Wed, 8 Aug 2012 19:33:42 +0000 (21:33 +0200)]
build-sys: add CFLAGS to CPP calls
It changes the defines WORDSIZE and __I386, CFLAGS=-m32.
Zbigniew Jędrzejewski-Szmek [Wed, 8 Aug 2012 17:00:35 +0000 (19:00 +0200)]
build-sys: really override CFLAGS for gtk-doc
In 29a00c41 an override was added, but commandline variables have
higher precedence than Makefile variables, so the override was not
effective for commandline variables.
While at it, duplicate for libudev.
Lennart Poettering [Wed, 8 Aug 2012 17:19:45 +0000 (19:19 +0200)]
update TODO
Lennart Poettering [Wed, 8 Aug 2012 17:09:59 +0000 (19:09 +0200)]
update TODO
Lennart Poettering [Wed, 8 Aug 2012 16:44:15 +0000 (18:44 +0200)]
Merge remote-tracking branch 'simonpe/cleanup'
Lennart Poettering [Wed, 8 Aug 2012 16:10:35 +0000 (18:10 +0200)]
update TODO
Kay Sievers [Wed, 8 Aug 2012 16:24:50 +0000 (18:24 +0200)]
udev: fix typo in copyright
Kay Sievers [Wed, 8 Aug 2012 16:16:50 +0000 (18:16 +0200)]
gudev: docs - work around the broken gtk-doc mess
gtk-doc adds CFLAGS/LDFLAGS multiple times to the gcc command line,
which breaks options that must be listed only once.
For now, clear CFLAGS/LDFLAGS for the intermediate documentation
binary.
Michal Sekletar [Tue, 7 Aug 2012 12:41:48 +0000 (14:41 +0200)]
systemd: introduced new timeout types
Makes it possible to specify a separate timeout for start and stop of
the service.
[ Improved the manpage. Coding style fix. -- michich ]
Simon Peeters [Wed, 8 Aug 2012 15:20:04 +0000 (17:20 +0200)]
logind: use bus_method_call_with_reply() where possible
Simon Peeters [Wed, 8 Aug 2012 15:19:30 +0000 (17:19 +0200)]
update-utmp: use bus_method_call_with_reply() where possible
Kay Sievers [Wed, 8 Aug 2012 14:27:11 +0000 (16:27 +0200)]
udev: re-initialize builtins in the daemon process, not in the worker
Kay Sievers [Wed, 8 Aug 2012 12:45:16 +0000 (14:45 +0200)]
udev: initialize rules dir timestamps when reading rules
On Wed, Aug 8, 2012 at 11:48 AM, Michael Schroeder <mls@suse.de> wrote:
> if rules are installed in the first 3 seconds after the udev start,
> the stamps will all be zero, so the [first] call to check_rules_timestamp()
> will just copy the current mtime [and not cause a rules re-load].
Simon Peeters [Wed, 8 Aug 2012 12:38:05 +0000 (14:38 +0200)]
loginctl: use bus_method_call_with_reply() where possible
Kay Sievers [Wed, 8 Aug 2012 11:16:57 +0000 (13:16 +0200)]
autogen.sh: disable _FORTIFY_SOURCE, we want -O0, which is incompatible
Kay Sievers [Wed, 8 Aug 2012 10:28:45 +0000 (12:28 +0200)]
build-sys: link internal selinux lib to systemd-remount-fs
Lennart Poettering [Wed, 8 Aug 2012 10:26:53 +0000 (12:26 +0200)]
build-sys: pass param to stack protector
Lennart Poettering [Wed, 8 Aug 2012 10:26:41 +0000 (12:26 +0200)]
build-sys: drop obsolete gcc switch
Lennart Poettering [Wed, 8 Aug 2012 10:26:27 +0000 (12:26 +0200)]
build-sys: typo fix
Kay Sievers [Wed, 8 Aug 2012 10:09:33 +0000 (12:09 +0200)]
TODO: misleading socket warning
Lennart Poettering [Wed, 8 Aug 2012 10:03:34 +0000 (12:03 +0200)]
build-sys: enable a couple of security features
Most distributions enable these downstream anyway, but it probably makes
sense to enable them unconditionally upstream too.
Simon Peeters [Wed, 8 Aug 2012 00:04:40 +0000 (02:04 +0200)]
move bus_method_call_with_reply() to dbus-common