Lennart Poettering [Mon, 20 Nov 2023 13:26:18 +0000 (14:26 +0100)]
pcrlock: check for embedded NUL bytes
Lennart Poettering [Mon, 20 Nov 2023 13:25:56 +0000 (14:25 +0100)]
pcrlock: make sure we don't choke on empty records
Follow-up for
a43427013949
CID#1523832
Vito Caputo [Fri, 17 Nov 2023 20:30:32 +0000 (12:30 -0800)]
man: add note about journald forwarding being sync
This footgun should at least be documented, if there's not going
to be a shortcut setting to establish the async `journalctl
--follow` equivalent.
Fixes: https://github.com/systemd/systemd/issues/2815
Martin Joerg [Mon, 20 Nov 2023 10:04:21 +0000 (11:04 +0100)]
man: Fix example for systemd-run
Luca Boccassi [Sun, 19 Nov 2023 22:31:26 +0000 (22:31 +0000)]
test-condition: skip group test during Debian package build
The group names won't match in a package build chroot and the test might
fail, skip it.
https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=hppa&ver=255%7Erc2-2&stamp=
1700424353&raw=0
onenowy [Sun, 19 Nov 2023 05:51:47 +0000 (14:51 +0900)]
hwdb: add Predator PHN16-71
enable microphone mute, predator sense button and fix the keyboard backlight up button changes display brightness.
Yu Watanabe [Sat, 18 Nov 2023 13:59:20 +0000 (22:59 +0900)]
Merge pull request #30070 from weblate/weblate-systemd-master
Translations update from Fedora Weblate
Yu Watanabe [Fri, 17 Nov 2023 17:43:50 +0000 (02:43 +0900)]
network/dhcp: actually refuse to assign DHCP option when an invalid string is passed
Prompted by #30029.
Luca Boccassi [Sat, 18 Nov 2023 11:18:22 +0000 (11:18 +0000)]
Merge pull request #30078 from yuwata/test-setup-logging
test: call test_setup_logging()
Charles Lee [Sat, 18 Nov 2023 11:17:27 +0000 (12:17 +0100)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (227 of 227 strings)
Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/main
Weblate [Sat, 18 Nov 2023 11:17:27 +0000 (12:17 +0100)]
po: Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
Co-authored-by: Weblate <noreply@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/
Translation: systemd/main
Charles Lee [Sat, 18 Nov 2023 11:17:27 +0000 (12:17 +0100)]
po: Translated using Weblate (Chinese (Simplified) (zh_CN))
Currently translated at 100.0% (227 of 227 strings)
Co-authored-by: Charles Lee <lchopn@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/zh_CN/
Translation: systemd/main
Yu Watanabe [Fri, 17 Nov 2023 17:09:04 +0000 (02:09 +0900)]
fuzz: always call fuzz_setup_logging()
Yu Watanabe [Fri, 17 Nov 2023 16:54:01 +0000 (01:54 +0900)]
test: always call test_setup_logging()
Luca Boccassi [Fri, 17 Nov 2023 10:31:26 +0000 (10:31 +0000)]
mkosi ci: enable jammy-proposed
This will bring in the fix for rawhide/tumbleweed builds (new libsolv
capable of handling zstd). If all goes well it will migrate to jammy
proper in a week and it can be reverted
Christian Hesse [Fri, 17 Nov 2023 12:35:48 +0000 (13:35 +0100)]
NEWS: drop duplicate 'of'
Luca Boccassi [Fri, 17 Nov 2023 09:40:09 +0000 (09:40 +0000)]
Merge pull request #30064 from bluca/unbork_direct_io
loop-util: restart loop_configure and reopen FD when O_DIRECT fails
Luca Boccassi [Fri, 17 Nov 2023 09:39:48 +0000 (09:39 +0000)]
Merge pull request #30066 from bluca/test
fsck/shell test fixes
Luca Boccassi [Thu, 16 Nov 2023 23:17:29 +0000 (23:17 +0000)]
test: avoid asserting on default user shell
In some build environments it might differ:
/* test_get_user_creds_one("root", "root", 0, 0, "/root", "/usr/bin/bash") */
got "root", 0, 0, "/root", "/bin/sh": Success
Assertion 'path_equal(rshell, shell)' failed at src/test/test-user-util.c:345, function test_get_user_creds_one(). Aborting.
https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=alpha&ver=255%7Erc2-1&stamp=
1700147880&raw=0
Luca Boccassi [Thu, 16 Nov 2023 23:01:08 +0000 (23:01 +0000)]
test: minix fsck not found on alpha
It seems even this one is not everywhere, so relax the test:
/* test_fsck_exists */
Assertion 'fsck_exists_for_fstype("minix") == 1' failed at src/test/test-path-util.c:624, function test_fsck_exists(). Aborting.
https://buildd.debian.org/status/fetch.php?pkg=systemd&arch=alpha&ver=255%7Erc2-1&stamp=
1700147880&raw=0
Luca Boccassi [Thu, 16 Nov 2023 21:13:10 +0000 (21:13 +0000)]
loop-util: use the right error variable in log_debug_errno after fd_reopen
Luca Boccassi [Thu, 16 Nov 2023 15:45:20 +0000 (15:45 +0000)]
loop-util: restart loop_configure and reopen FD when O_DIRECT fails
On kernel 5.10.178, when a squashfs file is stored on an EXT4 filesystem
backed by a dm-crypt volume, dissecting fails:
$ SYSTEMD_LOG_LEVEL=debug systemd-dissect /var/foo/bar.raw
Opened '/var/foo/bar.raw' in O_RDONLY access mode, with O_DIRECT enabled.
Couldn't find any partition table to derive sector size of.
loop2: Acquired exclusive lock.
Could not enable direct IO mode, proceeding in buffered IO mode.
Successfully acquired /dev/loop2, devno=7:2, nr=2, diskseq=87
Opened /dev/loop2 (fd=3, whole_block_devnum=7:2, diskseq=87).
Name: bar.raw
Size: 67.2M
Sec. Size: 512
Arch.: n/a
Successfully forked off '(sd-dissect)' as PID 4110.
Mounting /proc/self/fd/3 (squashfs) on /tmp/dissect-Zk3K5F (MS_RDONLY|MS_NODEV "")...
Failed to mount /proc/self/fd/3 (type squashfs) on /tmp/dissect-Zk3K5F (MS_RDONLY|MS_NODEV ""): Input/output error
Failed to mount dissected image: Input/output error
Failed to read /etc/hostname of image: No such file or directory
/etc/machine-id file of image is empty.
Failed to read has-init-system boolean: Input/output error
(sd-dissect) failed with exit status 1.
Failed to acquire image metadata: Input/output error
The kernel shows I/O errors:
kernel: blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
kernel: SQUASHFS error: Failed to read block 0x0: -5
kernel: unable to read squashfs_super_block
This is independent of a particular filesystem and can be reproduced
reliably in my setup, starting from freshly formatted disks.
Instead of continuing when O_DIRECT fails, start over the setup
process without the flag, including opening a new FD, to make the
kernel happy.
Luca Boccassi [Thu, 16 Nov 2023 16:04:37 +0000 (16:04 +0000)]
Merge pull request #30055 from YHNdnzj/logind-handle-action
logind-action: several cleanups
Lennart Poettering [Thu, 16 Nov 2023 12:42:56 +0000 (13:42 +0100)]
update TODO
Lennart Poettering [Thu, 16 Nov 2023 12:34:07 +0000 (13:34 +0100)]
update TODO
Frantisek Sumsal [Thu, 16 Nov 2023 09:26:45 +0000 (10:26 +0100)]
login: mark the TTY property as "emits change"
Triggered by the SetTTY() method.
Follow-up to
092e6cd19ad.
Addresses: https://github.com/systemd/systemd/pull/30043#pullrequestreview-
1733628935
Luca Boccassi [Thu, 16 Nov 2023 11:25:24 +0000 (11:25 +0000)]
Merge pull request #30052 from dtardon/udev-fixes
Two small udev fixes
Mike Yuan [Thu, 16 Nov 2023 09:47:47 +0000 (17:47 +0800)]
logind-action: check if inhibit_what is valid
Fixes #30037
Mike Yuan [Thu, 16 Nov 2023 09:46:56 +0000 (17:46 +0800)]
logind-inhibit: introduce inhibit_what_is_valid
Mike Yuan [Thu, 2 Nov 2023 10:23:21 +0000 (18:23 +0800)]
logind-action: split out logic for handle_action_sleep
Preparation for #29853
Mike Yuan [Tue, 31 Oct 2023 13:08:19 +0000 (21:08 +0800)]
logind: return "no" if sleep operation is disabled
According to org.freedesktop.login1:
> If "na" is returned, the operation is not available because
> hardware, kernel, or drivers do not support it. If "yes" is
> returned, the operation is supported and the user may execute
> the operation without further authentication. If "no" is returned,
> the operation is available but the user is not allowed to execute
> the operation.
Therefore, we should return "no" if sleep is explicitly disabled,
otherwise we return "na".
Mike Yuan [Fri, 3 Nov 2023 12:43:18 +0000 (20:43 +0800)]
TODO: remove an already implemented entry
Follow-up for #23640
Yo-Jung Lin [Thu, 16 Nov 2023 06:05:40 +0000 (14:05 +0800)]
hwdb: Mark Dell platform accel sensor location to base
Dell would like to disable screen rotation for the platform eternally.
Mark the aceel sensor location base to disable it.
Luca Boccassi [Thu, 16 Nov 2023 09:34:31 +0000 (09:34 +0000)]
Merge pull request #30047 from yuwata/sd-bus-assert-return
sd-bus: several fixlets found by making assert_return() critical
Yu Watanabe [Thu, 16 Nov 2023 01:47:45 +0000 (10:47 +0900)]
log: rename variables to store function call results
David Tardon [Tue, 14 Nov 2023 18:20:01 +0000 (19:20 +0100)]
udev-manager: fix log message
David Tardon [Wed, 15 Nov 2023 07:15:59 +0000 (08:15 +0100)]
test: read from the right device
Yu Watanabe [Thu, 16 Nov 2023 02:28:33 +0000 (11:28 +0900)]
Merge pull request #30043 from mrc0mmand/more-assert_return
More `assert_return()` shenanigans
Yu Watanabe [Thu, 16 Nov 2023 02:28:04 +0000 (11:28 +0900)]
Merge pull request #30045 from poettering/discover-image-tweaklets
discover-image: tiny tweaklets
Yu Watanabe [Thu, 16 Nov 2023 02:27:47 +0000 (11:27 +0900)]
Merge pull request #30044 from poettering/dissect-tool-tweaklets
systemd-dissect --discover tweaklets
Luca Boccassi [Wed, 15 Nov 2023 21:08:30 +0000 (21:08 +0000)]
sd-dhcp: use CMSG_FIND_AND_COPY_DATA to avoid build failures on x32 architectures
On architectures where timeval is 64bit but size_t is 32bit
we have to use CMSG_FIND_AND_COPY_DATA. This affects x32 and riscv32.
Follow-up for
905d0ea7b0080dd
Yu Watanabe [Thu, 16 Nov 2023 00:14:38 +0000 (09:14 +0900)]
test: sd_bus_process() may assign NULL even if it returns positive
Let's not trigger assert_return() needlessly.
Prompted by #30029.
Yu Watanabe [Wed, 15 Nov 2023 19:37:02 +0000 (04:37 +0900)]
test: several cleanups for test-bus-chat
- use sd_bus_query_sender_creds() to retrieve credentials,
- read credentials only when we get credentials, to avoid triggering
assert_return(),
- downgrade log level of expected failure, and update log message about
unexpected success.
Prompted by #30029.
Yu Watanabe [Wed, 15 Nov 2023 18:37:24 +0000 (03:37 +0900)]
sd-bus: drop SD_BUS_CREDS_AUGMENT flag
On checking if the message has enough credentials, the special flag
needs to be dropped.
Fixes a bug introduced by
705a415f684f8e9ee19983e5859de00bbb1477cb.
Yu Watanabe [Wed, 15 Nov 2023 19:46:24 +0000 (04:46 +0900)]
sd-bus: insert missing space
Lennart Poettering [Wed, 15 Nov 2023 17:36:59 +0000 (18:36 +0100)]
discover-image: use TAKE_PTR() where appropriate
Lennart Poettering [Wed, 15 Nov 2023 17:36:39 +0000 (18:36 +0100)]
discover-image: reindent string table
Lennart Poettering [Wed, 15 Nov 2023 21:36:41 +0000 (22:36 +0100)]
dissect: set dash as ersatz string
Lennart Poettering [Wed, 15 Nov 2023 21:14:36 +0000 (22:14 +0100)]
dissect: right-align size column in --discover table
Frantisek Sumsal [Wed, 15 Nov 2023 21:21:16 +0000 (22:21 +0100)]
login: mark the Display property as "emits change"
With the introduction of SetDisplay() method in
4885d7490b2 the Display
property emits a "properties changed" message every time the display is
changed using this method, so mark it appropriately.
Caught by systemd/systemd#30029:
systemd-logind[1366]: Got message type=method_call sender=:1.165 destination=org.freedesktop.login1 path=/org/freedesktop/login1/session/_310 interface=org.freedesktop.login1.Session member=SetDisplay cookie=8 reply_cookie=0 signature=s error-name=n/a error-message=n/a
systemd-logind[1366]: Assertion 'v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE || v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION' failed at src/libsystemd/sd-bus/bus-objects.c:2141, function emit_properties_changed_on_interface(). Ignoring.
Follow-up to
4885d7490b2.
Frantisek Sumsal [Wed, 15 Nov 2023 20:44:33 +0000 (21:44 +0100)]
sd-journal: don't assert on invalid field
Also, field_is_valid(field) already does isempty(field), so drop that as
well.
$ SYSTEMD_LOG_LEVEL=debug journalctl -o verbose -F foo-bar-baz
...
Assertion 'field_is_valid(field)' failed at src/libsystemd/sd-journal/sd-journal.c:2789, function sd_journal_query_unique(). Ignoring.
Failed to query unique data objects: Invalid argument
Frantisek Sumsal [Wed, 15 Nov 2023 21:05:06 +0000 (21:05 +0000)]
Merge pull request #30040 from yuwata/assert-return-fixes
several assert_return() fixes
Krzesimir Nowak [Wed, 15 Nov 2023 16:39:10 +0000 (17:39 +0100)]
repart: Fix compilation warning when tpm2 is disabled
The warning is about unused variable "flags":
```
../src/partition/repart.c: In function ‘partition_encrypt’:
../src/partition/repart.c:3690:19: warning: unused variable ‘flags’ [-Wunused-variable]
3690 | TPM2Flags flags = 0;
| ^~~~~
```
Move the flags variable into the scope where it is actually used, which happens
to be inside the HAVE_TPM2 block.
Yu Watanabe [Wed, 15 Nov 2023 17:27:19 +0000 (02:27 +0900)]
sd-device: do not trigger assertion by a bad udev rules
The assertion can be triggered by bad `$attr{[<subsys>/<sysname>]<attribute>}`
formatting. That's not a programmer's error, but a runtime error.
Prompted by #30029.
Yu Watanabe [Wed, 15 Nov 2023 17:17:22 +0000 (02:17 +0900)]
dhcp: do not trigger assertion by malformed messages
This also changes error code from -ENODATA -> -EBADMSG,
as we received bad message in that case.
Prompted by #30029.
Yu Watanabe [Wed, 15 Nov 2023 17:12:09 +0000 (02:12 +0900)]
network: do not try to create netdev from tests
Prompted by #30029.
Luca Boccassi [Wed, 15 Nov 2023 16:31:53 +0000 (16:31 +0000)]
NEWS: finalize for v255-rc2
Luca Boccassi [Wed, 15 Nov 2023 16:24:48 +0000 (16:24 +0000)]
Merge pull request #30033 from mrc0mmand/assert_return-tweaks
Dial back a couple of `assert_return()` uses
Luca Boccassi [Wed, 15 Nov 2023 16:05:29 +0000 (16:05 +0000)]
Merge pull request #30035 from keszybz/buid-sys-cleanups
Build system cleanups
Mike Yuan [Wed, 15 Nov 2023 14:28:52 +0000 (22:28 +0800)]
man/systemd-creds: fix a typo
Zbigniew Jędrzejewski-Szmek [Wed, 15 Nov 2023 14:24:34 +0000 (15:24 +0100)]
hwdb/acpi-update.py: streamline python code
Use f-strings and simplify the code a bit.
When I call 'acpi-update.py' after those changes, the resulting .hwdb files are
the same except for two additions that appeared in the meantime. I don't think
it makes sense to update them again, because the ma-*.txt files changed and we
don't want to store big blobs unnecessarilly.
Zbigniew Jędrzejewski-Szmek [Wed, 15 Nov 2023 14:21:26 +0000 (15:21 +0100)]
hwdb: rename .html=>.csv
The old suffix is now confusing.
Frantisek Sumsal [Wed, 15 Nov 2023 13:57:48 +0000 (14:57 +0100)]
test: update Ubuntu CI instructions
Luca Boccassi [Wed, 15 Nov 2023 13:57:28 +0000 (13:57 +0000)]
Merge pull request #30030 from poettering/gpt-growfs-root-fix
make gpt flag 59 (growfs) actually work on the root fs
Zbigniew Jędrzejewski-Szmek [Wed, 15 Nov 2023 13:47:17 +0000 (14:47 +0100)]
meson: use ternary op for brevity
Zbigniew Jędrzejewski-Szmek [Wed, 15 Nov 2023 13:52:36 +0000 (14:52 +0100)]
NEWS: adjust indentation
A non-breaking space is used between "PCR" and the number. I did
search&replace on the whole file, so that when people select&paste
later, they are more likely to use the same format.
Frantisek Sumsal [Wed, 15 Nov 2023 12:56:50 +0000 (13:56 +0100)]
sd-bus: don't treat invalid user/machine as a programming error
$ SYSTEMD_LOG_LEVEL=debug machinectl status --machine=@
Assertion 'r > 0' failed at src/libsystemd/sd-bus/sd-bus.c:1694, function sd_bus_open_system_machine(). Ignoring.
Frantisek Sumsal [Wed, 15 Nov 2023 12:46:09 +0000 (13:46 +0100)]
mount: don't call sd_device_get_property_value() with a NULL pointer
Otherwise bad thing would've happened is this was a hard assert:
+ systemd-mount --umount /dev/loop0
Assertion 'device' failed at src/libsystemd/sd-device/sd-device.c:2202, function sd_device_get_property_value(). Ignoring.
Frantisek Sumsal [Wed, 15 Nov 2023 12:38:02 +0000 (13:38 +0100)]
sd-journal: don't treat invalid match as a programming error
Don't use assert_runtime() when we get an invalid match string, since
that's a runtime error:
$ SYSTEMD_LOG_LEVEL=debug coredumpctl info =
...
Adding match: =
Assertion 'match_is_valid(data, size)' failed at src/libsystemd/sd-journal/sd-journal.c:240, function sd_journal_add_match(). Ignoring.
Failed to add match "=": Invalid argument
Lennart Poettering [Wed, 15 Nov 2023 11:11:08 +0000 (12:11 +0100)]
boot: measure config first, only then parse
Fixes: #30026
Lennart Poettering [Wed, 15 Nov 2023 10:14:39 +0000 (11:14 +0100)]
gpt-auto-generator: hook in "growfs" for the root fs if the GPT flag 59 says so
Fixes: #29791
Lennart Poettering [Wed, 15 Nov 2023 12:17:31 +0000 (13:17 +0100)]
gpt-auto-generator: don't eat up errors of generator_enable_remount_fs_service()
I cannot see a reason why we should ignore this error, so let's not. We
use RET_GATHER() on the returns anyway, i.e. collect errors but
continue, so it makes sense to collect this one too.
Lennart Poettering [Wed, 15 Nov 2023 10:14:11 +0000 (11:14 +0100)]
gpt-auto-generator: add comment + assert() explaining mode of invocation
We are not invoked in the initrd, and that deserves a comment.
Lennart Poettering [Wed, 15 Nov 2023 10:12:38 +0000 (11:12 +0100)]
gpt-auto-generator: drop in_initrd() check in add_partition_root_rw()
This call is never called in the initrd, hence we can drop the extra
check, as it is redundant. Let's keep it as an assert() though, as a
form of code-enforced documentation.
Frantisek Sumsal [Wed, 15 Nov 2023 10:41:45 +0000 (11:41 +0100)]
fuzz: don't panic without a C++ compiler
meson's `cpp_args` option is defined only if it detects a C++ compiler,
otherwise we get an error:
../test/fuzz/meson.build:56:28: ERROR: Tried to access unknown option 'cpp_args'.
Lennart Poettering [Wed, 15 Nov 2023 10:52:27 +0000 (11:52 +0100)]
NEWS fixes
Luca Boccassi [Wed, 15 Nov 2023 09:49:46 +0000 (09:49 +0000)]
Merge pull request #30028 from yuwata/duid-fix-size
dhcp: fix DUID size
Yu Watanabe [Wed, 15 Nov 2023 04:46:31 +0000 (13:46 +0900)]
sd-dhcp6-client: fix DUID data length passed to hexmem()
Fixes a bug introduced by
6b7d5b6eaf9029b88771ae0ba3cf3c95adb3c24d.
Yu Watanabe [Wed, 15 Nov 2023 04:26:57 +0000 (13:26 +0900)]
dhcp: fix maximum DUID size
This effectively reverts
92914960113b9ed21570f4329e2b2b2bf3e84629.
This fixes the maximum length of DUID.
See RFC 8415 section 11.1.
Yu Watanabe [Tue, 14 Nov 2023 08:00:34 +0000 (17:00 +0900)]
dhcp: drop unused prototype
Follow-up for
53488ea352b658e37eef06f958c3f8ca062a64d9.
Yu Watanabe [Wed, 15 Nov 2023 01:17:19 +0000 (10:17 +0900)]
Merge pull request #30027 from bluca/news
Update syscalls/hwdb/po
Luca Boccassi [Tue, 14 Nov 2023 21:26:10 +0000 (21:26 +0000)]
Update po files
These are all newline breaks, but some meson tool changed at some
point that causes all of these changes to happen, and they have
started to appear when Weblate sends translations update, making
them very hard to review as they are mostly adding these breaks.
Update all files once and for all so that new translations PRs are
easier to review.
Luca Boccassi [Tue, 14 Nov 2023 21:20:45 +0000 (21:20 +0000)]
Update hwdb
Luca Boccassi [Tue, 14 Nov 2023 20:46:12 +0000 (20:46 +0000)]
hwdb: PNP/ACPI lists on uefi.org are now in CSV format
Adjust the parsing as it's no longer HTML files. Some IDs end with
whitespace, without being quoted, which seems like a mistake as they
weren't before, so strip the ID columns before applying them.
Luca Boccassi [Tue, 14 Nov 2023 20:18:50 +0000 (20:18 +0000)]
docs/RELEASE.md: retain systemd.io in IRC topic update
Luca Boccassi [Tue, 14 Nov 2023 20:17:48 +0000 (20:17 +0000)]
Update syscalls list
Luca Boccassi [Tue, 14 Nov 2023 20:11:56 +0000 (20:11 +0000)]
NEWS: update contributors list
Luca Boccassi [Tue, 14 Nov 2023 20:11:01 +0000 (20:11 +0000)]
NEWS: update for latest features
Luca Boccassi [Tue, 14 Nov 2023 19:04:35 +0000 (19:04 +0000)]
Merge pull request #30023 from mrc0mmand/selinux
test: make TEST-06-SELINUX work with the refpolicy and beef it up a bit
Frantisek Sumsal [Tue, 14 Nov 2023 11:53:51 +0000 (12:53 +0100)]
test: make TEST-06-SELINUX work with the refpolicy and beef it up a bit
Currently the test works only with policy shipped by Fedora, which makes
it pretty much useless in most of our CIs. Let's drop the custom module
and make the test more generic, so it works with the refpolicy as well,
which should allow us to run it on Arch and probably even in Ubuntu CI.
Zbigniew Jędrzejewski-Szmek [Tue, 14 Nov 2023 16:33:42 +0000 (17:33 +0100)]
Merge pull request #29930 from yuwata/meson-default-network-fix-install-path
meson: fix install path of example .network files
Zbigniew Jędrzejewski-Szmek [Tue, 14 Nov 2023 16:33:03 +0000 (17:33 +0100)]
Merge pull request #29928 from yuwata/meson-default-network
meson: follow-ups for -Ddefault-network=
Frantisek Sumsal [Tue, 14 Nov 2023 09:52:24 +0000 (10:52 +0100)]
test: switch SELinux to permissive in the config file
The config file has (unfortunately) precedence over the kernel command
line, so let's tweak the config file if necessary.
Vito Caputo [Tue, 14 Nov 2023 08:48:00 +0000 (00:48 -0800)]
doc: some trivial cleanups to MEMORY_PRESSURE.md
Yu Watanabe [Tue, 14 Nov 2023 02:58:22 +0000 (11:58 +0900)]
storagetm: use path to device node instead of devpath
To make the generated IDs equivalent when
- sd_device object is not provided,
- sd_device object is provided, but it does not have ID_SERIAL.
Follow-up for
abc19a6ffaa94893ffc40cc000e5bb4437f67656.
This also fixes missing voidification.
Fixes CID#1524253.
Luca Boccassi [Mon, 13 Nov 2023 19:26:33 +0000 (19:26 +0000)]
selinux: fix loading policy at early boot
First, check for the cached enabled/disabled, as that's what all the
label functions used to do. Then, if initialization is not done yet,
do not cause the label functions to bail out, as it's expected to
happen at early boot.
Among other things, fixes:
systemd[1]: Failed to compute init label, ignoring.
Follow-up for:
0617da2edb91669a
Luca Boccassi [Mon, 13 Nov 2023 21:12:06 +0000 (21:12 +0000)]
Merge pull request #30007 from YHNdnzj/memory-attr-followup
core: generalize memory accounting attribute handling
Luca Boccassi [Mon, 13 Nov 2023 20:58:43 +0000 (20:58 +0000)]
Merge pull request #30018 from mrc0mmand/TEST-70
test: skip --tpm2-device-key= tests with older OpenSSL
Frantisek Sumsal [Mon, 13 Nov 2023 19:47:17 +0000 (20:47 +0100)]
tree-wide: unify OpenSSL spelling in log messages
Seeing three different spellings of OpenSSL in one log file triggers
some inner OCD I didn't even know I have.
Frantisek Sumsal [Mon, 13 Nov 2023 19:35:29 +0000 (20:35 +0100)]
test: skip --tpm2-device-key= tests with older OpenSSL
--tpm2-device-key= requires OpenSSL >= 3 with KDF-SS, so let's skip the
test if we're running with older OpenSSL.
+ systemd-cryptenroll --tpm2-device-key=/tmp/srk.pub --tpm2-pcrs=12:sha256=F5A5FD42D16A20302798EF6ED309979B43003D2320D9F0E8EA9831A92759FB4B /tmp/systemd-cryptsetup-H8y.IMAGE
Failed to find TPM2 pcrlock policy file 'pcrlock.json': No such file or directory
Allocating context for crypt device /tmp/systemd-cryptsetup-H8y.IMAGE.
Trying to open and read device /tmp/systemd-cryptsetup-H8y.IMAGE with direct-io.
Trying to open device /tmp/systemd-cryptsetup-H8y.IMAGE without direct-io.
Initialising device-mapper backend library.
Trying to load LUKS2 crypt type from device /tmp/systemd-cryptsetup-H8y.IMAGE.
Crypto backend (OpenSSL 1.1.1k FIPS 25 Mar 2021) initialized in cryptsetup library version 2.3.7.
Detected kernel Linux 4.18.0-521.el8.ppc64le ppc64le.
...
Failed to find TPM PCR public key file 'tpm2-pcr-public-key.pem': No such file or directory
Failed to read TPM2 PCR public key, proceeding without: No such file or directory
Can't find symbol Esys_TR_GetTpmHandle: /lib64/libtss2-esys.so.0: undefined symbol: Esys_TR_GetTpmHandle
libtss2-esys too old, does not include Esys_TR_GetTpmHandle.
Can't find symbol Esys_TR_GetTpmHandle: /lib64/libtss2-esys.so.0: undefined symbol: Esys_TR_GetTpmHandle
libtss2-esys too old, does not include Esys_TR_GetTpmHandle.
PolicyPCR calculated digest: 9a1f511fb94f030eb21d0332ef2739727bf0ead4ec26a204d15b09cdeb4b2555
Calculating sealed object.
Calculating encrypted seed for sealed object.
Calculating encrypted seed for ECC sealed object.
Calculating KDFe().
KDF-SS requires openssl >= 3.
Could not calculate KDFe: Operation not supported
Could not calculate encrypted seed: Operation not supported
Failed to seal to TPM2: Operation not supported