From c65aafbb3371db9047ad688493400a0b881c3949 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 9 Jan 2017 13:51:06 -0500 Subject: [PATCH 1/6] man: add more links to systemd-ask-password and systemd-tty-ask-password-agent Loosely inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1411134. --- man/systemd-ask-password.xml | 43 +++++++++++++++++--------- man/systemd-tty-ask-password-agent.xml | 10 ++++-- 2 files changed, 35 insertions(+), 18 deletions(-) diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml index 2b6fb5a82f..8d3355819b 100644 --- a/man/systemd-ask-password.xml +++ b/man/systemd-ask-password.xml @@ -61,10 +61,9 @@ a system password or passphrase from the user, using a question message specified on the command line. When run from a TTY it will query a password on the TTY and print it to standard output. When - run with no TTY or with it will query - the password system-wide and allow active users to respond via - several agents. The latter is only available to privileged - processes. + run with no TTY or with it will use the + system-wide query mechanism, which allows active users to respond via + several agents, listed below. The purpose of this tool is to query system-wide passwords — that is passwords not attached to a specific user account. @@ -76,25 +75,38 @@ A boot-time password agent asking the user for - passwords using Plymouth + passwords using + plymouth8, + A boot-time password agent querying the user - directly on the console + directly on the console — + systemd-ask-password-console.service8, + An agent requesting password input via a - wall1 - message - - A command line agent which can be started - temporarily to process queued password - requests + wall1 + message — + systemd-ask-password-wall.service8, + A TTY agent that is temporarily spawned during systemctl1 - invocations + invocations, + + A command line agent which can be started + temporarily to process queued password + requests — systemd-tty-ask-password-agent --query. + + Answering system-wide password queries is a privileged operation, hence + all the agents listed above (except for the last one), run as privileged + system services. The last one also needs elevated privileges, so + should be run through + sudo8 + or similar. + Additional password agents may be implemented according to the systemd @@ -217,7 +229,8 @@ See Also systemd1, - systemctl1, + systemd-ask-password-console.service8, + systemd-tty-ask-password1, keyctl1, plymouth8, wall1 diff --git a/man/systemd-tty-ask-password-agent.xml b/man/systemd-tty-ask-password-agent.xml index 2876fab644..2e4b31be07 100644 --- a/man/systemd-tty-ask-password-agent.xml +++ b/man/systemd-tty-ask-password-agent.xml @@ -50,7 +50,9 @@ - systemd-tty-ask-password-agent OPTIONS VARIABLE=VALUE + systemd-tty-ask-password-agent + OPTIONS + VARIABLE=VALUE @@ -65,8 +67,10 @@ systemd-tty-ask-password-agent implements the Password - Agents Specification. - + Agents Specification, and is one of many possible response agents which + answer to queries formulated with + systemd-ask-password1. + From cbd50adce0c07110565a53883e8250ea96c6d0af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 11 Jan 2017 13:40:10 -0500 Subject: [PATCH 2/6] networkd: reorder gperf fields In eb64b435ebb2a7cb1274d5 ActiveSlave/PrimarySlave were inserted in between IPv6AcceptRA and IPv6AcceptRouterAdvertisements and the comment then didn't make sense. It turns out that gperf does not understand C-style comments, and that there's no comment syntax in the keywords section. The following was generated: {"/* legacy alias for the above */"}, {"Network.IPv6AcceptRA", config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra)}, In practice this wouldn't lead to problems because this fake pattern would be hard to match, but it seems better to remove the comments altogether. Readers of the .gperf file will have to look for the repeated output field to notice legacy options. To make this easier, let's always keep the legacy option second. --- src/network/networkd-network-gperf.gperf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf index 862cfad1ff..7b54e81fb8 100644 --- a/src/network/networkd-network-gperf.gperf +++ b/src/network/networkd-network-gperf.gperf @@ -60,14 +60,13 @@ Network.IPForward, config_parse_address_family_boolean_with Network.IPMasquerade, config_parse_bool, 0, offsetof(Network, ip_masquerade) Network.IPv6PrivacyExtensions, config_parse_ipv6_privacy_extensions, 0, offsetof(Network, ipv6_privacy_extensions) Network.IPv6AcceptRA, config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra) -Network.ActiveSlave, config_parse_bool, 0, offsetof(Network, active_slave) -Network.PrimarySlave, config_parse_bool, 0, offsetof(Network, primary_slave) -/* legacy alias for the above */ Network.IPv6AcceptRouterAdvertisements, config_parse_tristate, 0, offsetof(Network, ipv6_accept_ra) Network.IPv6DuplicateAddressDetection, config_parse_int, 0, offsetof(Network, ipv6_dad_transmits) Network.IPv6HopLimit, config_parse_int, 0, offsetof(Network, ipv6_hop_limit) -Network.ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp) +Network.ActiveSlave, config_parse_bool, 0, offsetof(Network, active_slave) +Network.PrimarySlave, config_parse_bool, 0, offsetof(Network, primary_slave) Network.IPv4ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp) +Network.ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp) Network.BindCarrier, config_parse_strv, 0, offsetof(Network, bind_carrier) Address.Address, config_parse_address, 0, 0 Address.Peer, config_parse_address, 0, 0 From da3bddc993a06c7c7b6f903244d3de88443082e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 11 Jan 2017 13:48:16 -0500 Subject: [PATCH 3/6] core: add missing "=" in message For consistency. Also drop "e.g." because it's somewhat redundant with the ellipsis and the message is pretty long already. Follow-up for 4d1fe20a585ca. --- src/core/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/socket.c b/src/core/socket.c index c4ce88c5f4..3cae6b31bb 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -449,7 +449,7 @@ static int socket_verify(Socket *s) { return 0; if (!s->ports) { - log_unit_error(UNIT(s), "Unit has no Listen setting (e.g. ListenStream=, ListenDatagram=, ListenFIFO, ...). Refusing."); + log_unit_error(UNIT(s), "Unit has no Listen setting (ListenStream=, ListenDatagram=, ListenFIFO=, ...). Refusing."); return -EINVAL; } From 69dc6922524c32d6b3723394d44fb5f60c9c438a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 11 Jan 2017 14:09:47 -0500 Subject: [PATCH 4/6] socket-util: drop _pure_ from a function with an output parameter If it writes to memory, it's not pure, by definition. Fixup for 882ac6e769c5c. --- src/basic/socket-util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h index 0df1a600af..3c42e220e5 100644 --- a/src/basic/socket-util.h +++ b/src/basic/socket-util.h @@ -102,7 +102,7 @@ const char* socket_address_get_path(const SocketAddress *a); bool socket_ipv6_is_supported(void); -int sockaddr_port(const struct sockaddr *_sa, unsigned *port) _pure_; +int sockaddr_port(const struct sockaddr *_sa, unsigned *port); int sockaddr_pretty(const struct sockaddr *_sa, socklen_t salen, bool translate_ipv6, bool include_port, char **ret); int getpeername_pretty(int fd, bool include_port, char **ret); From 99171d2fdf720ebb64fee75db4177af5d048d0f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 11 Jan 2017 14:45:19 -0500 Subject: [PATCH 5/6] shell-completion: redirect all errors from systemctl to /dev/null Completion scripts should not generate errors, ever. https://bugzilla.redhat.com/show_bug.cgi?id=1409649 --- shell-completion/bash/systemctl.in | 2 +- shell-completion/zsh/_systemctl.in | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in index dcf71a1f51..34589e2888 100644 --- a/shell-completion/bash/systemctl.in +++ b/shell-completion/bash/systemctl.in @@ -19,7 +19,7 @@ __systemctl() { local mode=$1; shift 1 - systemctl $mode --full --no-legend "$@" + systemctl $mode --full --no-legend "$@" 2>/dev/null } __systemd_properties() { diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in index 03a1c930b0..d77a2df74e 100644 --- a/shell-completion/zsh/_systemctl.in +++ b/shell-completion/zsh/_systemctl.in @@ -91,7 +91,7 @@ __systemctl() { - systemctl $_sys_service_mgr --full --no-legend --no-pager "$@" + systemctl $_sys_service_mgr --full --no-legend --no-pager "$@" 2>/dev/null } From 9a4bf1e8d311513167dc5b456a243d78c52976fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 11 Jan 2017 15:48:15 -0500 Subject: [PATCH 6/6] man: link to sd-j-{remote,upload} from journalctl(1) --- man/journalctl.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/man/journalctl.xml b/man/journalctl.xml index 4282424212..eacba048bc 100644 --- a/man/journalctl.xml +++ b/man/journalctl.xml @@ -925,7 +925,9 @@ coredumpctl1, systemd.journal-fields7, journald.conf5, - systemd.time7 + systemd.time7, + systemd-journal-remote8, + systemd-journal-upload8