Merge pull request #18011 from yuwata/trivial-fixes

Trivial fixes for recently merged PRs
Yu Watanabe 2020-12-18 20:12:02 +09:00 committed by GitHub
commit 9f62de5762
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 46 additions and 40 deletions


@ -246,7 +246,7 @@
<programlisting>systemd-cryptenroll /dev/sda1 --wipe-slot=tpm2 --tpm2-device=auto</programlisting>
<para>The above command will enroll the TPM2 chip, and then wipe all previously crated TPM2
<para>The above command will enroll the TPM2 chip, and then wipe all previously created TPM2
enrollments on the LUKS2 volume, leaving only the newly created one. Combining wiping and enrollment
may also be used to replace enrollments of different types, for example for changing from a PKCS#11
enrollment to a FIDO2 one:</para>


@ -114,7 +114,11 @@ basic_sources = files('''
linux/libc-compat.h
linux/loadavg.h
linux/netdevice.h
linux/netfilter/nf_tables.h
linux/netfilter/nfnetlink.h
linux/netlink.h
linux/nexthop.h
linux/pkt_sched.h
linux/rtnetlink.h
linux/wireguard.h
list.h


@ -258,7 +258,7 @@ static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_
return log_oom();
}
/* And of course, als remember the tokens to remove. */
/* And of course, also remember the tokens to remove. */
if (shall_wipe)
if (set_put(wipe_tokens, INT_TO_PTR(token)) < 0)
return log_oom();


@ -90,7 +90,7 @@ static int help(void) {
" --tpm2-device=PATH\n"
" Enroll a TPM2 device\n"
" --tpm2-pcrs=PCR1,PCR2,PCR3,…\n"
" Specifiy TPM2 PCRs to seal against\n"
" Specify TPM2 PCRs to seal against\n"
" --wipe-slot=SLOT1,SLOT2,…\n"
" Wipe specified slots\n"
"\nSee the %s for details.\n"
@ -390,7 +390,7 @@ static int prepare_luks(
password,
strlen(password));
if (r < 0)
return log_error_errno(r, "Password from environent variable $PASSWORD did not work.");
return log_error_errno(r, "Password from environment variable $PASSWORD did not work.");
} else {
AskPasswordFlags ask_password_flags = ASK_PASSWORD_PUSH_CACHE|ASK_PASSWORD_ACCEPT_CACHED;
_cleanup_free_ char *question = NULL, *disk_path = NULL;


@ -90,7 +90,7 @@ int acquire_fido2_key(
r = ask_password_auto("Please enter security token PIN:", "drive-harddisk", NULL, "fido2-pin", until, flags, &pins);
if (r < 0)
return log_error_errno(r, "Failed to ask for user pasword: %m");
return log_error_errno(r, "Failed to ask for user password: %m");
flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
}


@ -1035,7 +1035,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
&keyslot,
&token);
if (r == -ENXIO) {
/* No futher TPM2 tokens found in the LUKS2 header.*/
/* No further TPM2 tokens found in the LUKS2 header.*/
if (found_some)
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
"No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking.");


@ -139,7 +139,7 @@ int socket_bind(sd_netlink *nl);
int socket_broadcast_group_ref(sd_netlink *nl, unsigned group);
int socket_broadcast_group_unref(sd_netlink *nl, unsigned group);
int socket_write_message(sd_netlink *nl, sd_netlink_message *m);
int socket_writev_message(sd_netlink *nl, sd_netlink_message *m[], size_t msgcount);
int socket_writev_message(sd_netlink *nl, sd_netlink_message **m, size_t msgcount);
int socket_read_message(sd_netlink *nl);
int rtnl_rqueue_make_room(sd_netlink *rtnl);


@ -238,13 +238,14 @@ int socket_write_message(sd_netlink *nl, sd_netlink_message *m) {
return k;
}
int socket_writev_message(sd_netlink *nl, sd_netlink_message *m[], size_t msgcount) {
int socket_writev_message(sd_netlink *nl, sd_netlink_message **m, size_t msgcount) {
_cleanup_free_ struct iovec *iovs = NULL;
ssize_t k;
size_t i;
assert(nl);
assert(msgcount);
assert(m);
assert(msgcount > 0);
iovs = new0(struct iovec, msgcount);
if (!iovs)
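Review bot: The added `assert(msgcount > 0)` bounds the count only from below, so `new0(struct iovec, msgcount)` is still sized from a `size_t` with no upper limit visible in this hunk. The rest of socket_writev_message() lies outside the hunk; if the array is handed to writev() or sendmsg() there, the vector count is capped at IOV_MAX by the kernel and an oversized batch would be rejected only at the syscall. sd_netlink_sendv(), which appears to be the public entry point for batched sends, gains `assert_return(msgcount > 0, -EINVAL);` in this same commit, so an upper bound fits best next to that line, for example `assert_return(msgcount <= IOV_MAX, -EINVAL);`, with a matching `assert(msgcount <= IOV_MAX);` here.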


@ -1027,9 +1027,9 @@ static const NLType rtnl_types[] = {
[RTM_NEWADDRLABEL] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_addrlabel_type_system, .size = sizeof(struct ifaddrlblmsg) },
[RTM_DELADDRLABEL] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_addrlabel_type_system, .size = sizeof(struct ifaddrlblmsg) },
[RTM_GETADDRLABEL] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_addrlabel_type_system, .size = sizeof(struct ifaddrlblmsg) },
[RTM_NEWRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct rtmsg) },
[RTM_DELRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct rtmsg) },
[RTM_GETRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct rtmsg) },
[RTM_NEWRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct fib_rule_hdr) },
[RTM_DELRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct fib_rule_hdr) },
[RTM_GETRULE] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_routing_policy_rule_type_system, .size = sizeof(struct fib_rule_hdr) },
[RTM_NEWNEXTHOP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_nexthop_type_system, .size = sizeof(struct nhmsg) },
[RTM_DELNEXTHOP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_nexthop_type_system, .size = sizeof(struct nhmsg) },
[RTM_GETNEXTHOP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_nexthop_type_system, .size = sizeof(struct nhmsg) },
@ -1467,7 +1467,7 @@ static const NLTypeSystem nfnl_nft_rule_expr_type_system = {
static const NLType nfnl_nft_rule_types[] = {
[NFTA_RULE_TABLE] = { .type = NETLINK_TYPE_STRING, .size = NFT_TABLE_MAXNAMELEN - 1 },
[NFTA_RULE_CHAIN] = { .type = NETLINK_TYPE_STRING, .size = NFT_TABLE_MAXNAMELEN - 1 },
[NFTA_RULE_EXPRESSIONS] = { .type = NETLINK_TYPE_NESTED, .type_system = &nfnl_nft_rule_expr_type_system }
[NFTA_RULE_EXPRESSIONS] = { .type = NETLINK_TYPE_NESTED, .type_system = &nfnl_nft_rule_expr_type_system }
};
static const NLTypeSystem nfnl_nft_rule_type_system = {


@ -122,21 +122,18 @@ int sd_nfnl_nft_message_new_basechain(sd_netlink *nfnl, sd_netlink_message **ret
r = sd_netlink_message_append_u32(m, NFTA_HOOK_HOOKNUM, htobe32(hook));
if (r < 0)
goto cancel;
return r;
r = sd_netlink_message_append_u32(m, NFTA_HOOK_PRIORITY, htobe32(prio));
if (r < 0)
goto cancel;
return r;
r = sd_netlink_message_close_container(m);
if (r < 0)
goto cancel;
return r;
*ret = TAKE_PTR(m);
return 0;
cancel:
sd_netlink_message_cancel_array(m);
return r;
}
int sd_nfnl_nft_message_del_table(sd_netlink *nfnl, sd_netlink_message **ret,
@ -243,6 +240,7 @@ int sd_nfnl_nft_message_new_setelems_begin(sd_netlink *nfnl, sd_netlink_message
r = sd_netlink_message_open_container(m, NFTA_SET_ELEM_LIST_ELEMENTS);
if (r < 0)
return r;
*ret = TAKE_PTR(m);
return r;
}
@ -267,6 +265,7 @@ int sd_nfnl_nft_message_del_setelems_begin(sd_netlink *nfnl, sd_netlink_message
r = sd_netlink_message_open_container(m, NFTA_SET_ELEM_LIST_ELEMENTS);
if (r < 0)
return r;
*ret = TAKE_PTR(m);
return r;
}
@ -283,10 +282,9 @@ static int sd_nfnl_add_data(sd_netlink_message *m, uint16_t attr, const void *da
return sd_netlink_message_close_container(m); /* attr */
}
int sd_nfnl_nft_message_add_setelem(sd_netlink_message *m,
uint32_t num,
const void *key, uint32_t klen,
const void *data, uint32_t dlen) {
int sd_nfnl_nft_message_add_setelem(sd_netlink_message *m, uint32_t num,
const void *key, uint32_t klen,
const void *data, uint32_t dlen) {
int r;
r = sd_netlink_message_open_array(m, num);
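Review bot: In sd_nfnl_nft_message_new_setelems_begin() and sd_nfnl_nft_message_del_setelems_begin() the success path ends in `return r;` right after `*ret = TAKE_PTR(m);`, so callers receive whatever non-negative value sd_netlink_message_open_container() returned, while sd_nfnl_nft_message_new_basechain() in the same section ends in `return 0;`. Writing `return 0;` in both would make the success value explicit and consistent. Separately, with the `cancel:` label gone from new_basechain, the early `return r;` paths presumably rely on `m` being released by a cleanup attribute declared outside the hunk; a short comment such as `/* m is unref'd automatically on error, no explicit cancel needed */` would record why they are safe. All three functions start outside the visible hunks.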


@ -227,7 +227,7 @@ int sd_netlink_send(sd_netlink *nl,
}
int sd_netlink_sendv(sd_netlink *nl,
sd_netlink_message *messages[],
sd_netlink_message **messages,
size_t msgcount,
uint32_t **ret_serial) {
_cleanup_free_ uint32_t *serials = NULL;
@ -237,6 +237,7 @@ int sd_netlink_sendv(sd_netlink *nl,
assert_return(nl, -EINVAL);
assert_return(!rtnl_pid_changed(nl), -ECHILD);
assert_return(messages, -EINVAL);
assert_return(msgcount > 0, -EINVAL);
if (ret_serial) {
serials = new0(uint32_t, msgcount);


@ -840,9 +840,9 @@ static int ndisc_router_process_route(Link *link, sd_ndisc_router *rt) {
return log_link_error_errno(link, r, "Failed to get gateway address from RA: %m");
if (link_has_ipv6_address(link, &gateway.in6) == 0) {
_cleanup_free_ char *buf = NULL;
if (DEBUG_LOGGING) {
_cleanup_free_ char *buf = NULL;
(void) in_addr_to_string(AF_INET6, &gateway, &buf);
log_link_debug(link, "Advertised route gateway, %s, is local to the link, ignoring route", strnull(buf));
}


@ -3,11 +3,10 @@
#include <inttypes.h>
#include "firewall-util.h"
#include "sd-event.h"
#include "sd-netlink.h"
#include "firewall-util.h"
#include "in-addr-util.h"
#include "list.h"


@ -314,12 +314,13 @@ static int nfnl_add_expr_masq(sd_netlink_message *m) {
return sd_netlink_message_close_container(m); /* NFTA_LIST_ELEM */
}
/* -t nat -A POSTROUTING -p protocol -s source/pflen -o out_interface -d destionation/pflen -j MASQUERADE */
static int sd_nfnl_message_new_masq_rule(sd_netlink *nfnl, sd_netlink_message **ret, int family,
const char *chain) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
/* -t nat -A POSTROUTING -p protocol -s source/pflen -o out_interface -d destination/pflen -j MASQUERADE */
r = sd_nfnl_nft_message_new_rule(nfnl, &m, family, NFT_SYSTEMD_TABLE_NAME, chain);
if (r < 0)
return r;
@ -351,7 +352,6 @@ static int sd_nfnl_message_new_masq_rule(sd_netlink *nfnl, sd_netlink_message **
return 0;
}
/* -t nat -A PREROUTING -p protocol --dport local_port -i in_interface -s source/pflen -d destionation/pflen -j DNAT --to-destination remote_addr:remote_port */
static int sd_nfnl_message_new_dnat_rule_pre(sd_netlink *nfnl, sd_netlink_message **ret, int family,
const char *chain) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
@ -359,6 +359,9 @@ static int sd_nfnl_message_new_dnat_rule_pre(sd_netlink *nfnl, sd_netlink_messag
uint32_t local = RTN_LOCAL;
int r;
/* -t nat -A PREROUTING -p protocol --dport local_port -i in_interface -s source/pflen
* -d destination/pflen -j DNAT --to-destination remote_addr:remote_port */
r = sd_nfnl_nft_message_new_rule(nfnl, &m, family, NFT_SYSTEMD_TABLE_NAME, chain);
if (r < 0)
return r;
@ -471,7 +474,7 @@ static int sd_nfnl_message_new_dnat_rule_out(sd_netlink *nfnl, sd_netlink_messag
return r;
/* 4th statement: dnat connection to address/port retrieved by the
* preceeding expression. */
* preceding expression. */
proto_reg = NFT_REG32_02;
r = nfnl_add_expr_dnat(m, family, NFT_REG32_01, proto_reg);
if (r < 0)
@ -788,7 +791,7 @@ static int nft_message_add_setelem_iprange(sd_netlink_message *m,
* In the nftables case, everything gets removed. The next add operation
* will yield -ENOENT.
*
* If we see -ENOENT on add, replay the inital table setup.
* If we see -ENOENT on add, replay the initial table setup.
* If that works, re-do the add operation.
*
* Note that this doesn't protect against external sabotage such as a


@ -101,10 +101,10 @@ shared_sources = files('''
fdset.h
fileio-label.c
fileio-label.h
firewall-util.c
firewall-util-nft.c
firewall-util.h
firewall-util-private.h
firewall-util.c
firewall-util.h
format-table.c
format-table.h
fsck-util.h


@ -60,7 +60,7 @@ sd_netlink *sd_netlink_ref(sd_netlink *nl);
sd_netlink *sd_netlink_unref(sd_netlink *nl);
int sd_netlink_send(sd_netlink *nl, sd_netlink_message *message, uint32_t *serial);
int sd_netlink_sendv(sd_netlink *nl, sd_netlink_message *messages[], size_t msgcnt, uint32_t **ret_serial);
int sd_netlink_sendv(sd_netlink *nl, sd_netlink_message **messages, size_t msgcnt, uint32_t **ret_serial);
int sd_netlink_call_async(sd_netlink *nl, sd_netlink_slot **ret_slot, sd_netlink_message *message,
sd_netlink_message_handler_t callback, sd_netlink_destroy_t destoy_callback,
void *userdata, uint64_t usec, const char *description);


@ -280,9 +280,9 @@ static void test_fd_is_mount_point(void) {
assert_se(fd_is_mount_point(fd, "proc", 0) > 0);
assert_se(fd_is_mount_point(fd, "proc/", 0) > 0);
/* /root's entire raison d'etre is to be on the root file system (i.e. not in /home/ which might be
* split off), so that the user can always log in, so it cannot be a mount point unless the system is
* borked. Let's allow for it to be missing though. */
/* /root's entire reason for being is to be on the root file system (i.e. not in /home/ which
* might be split off), so that the user can always log in, so it cannot be a mount point unless
* the system is borked. Let's allow for it to be missing though. */
assert_se(IN_SET(fd_is_mount_point(fd, "root", 0), -ENOENT, 0));
assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
}


@ -572,7 +572,7 @@ static int dmi_table(int64_t base, uint32_t len, uint16_t num, const char *devme
/*
* When reading from sysfs or from a dump file, the file may be
* shorter than announced. For SMBIOS v3 this is expcted, as we
* shorter than announced. For SMBIOS v3 this is expected, as we
* only know the maximum table size, not the actual table size.
* For older implementations (and for SMBIOS v3 too), this
* would be the result of the kernel truncating the table on
@ -599,7 +599,7 @@ static int smbios3_decode(const uint8_t *buf, const char *devmem, bool no_file_o
buf[0x06], 0x18U);
if (!verify_checksum(buf, buf[0x06]))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Faied to verify checksum.");
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to verify checksum.");
offset = QWORD(buf + 0x10);
if (!no_file_offset && (offset >> 32) != 0 && sizeof(int64_t) < 8)