libidn2 2.0.0 supports IDNA2008, in contrast to libidn which supports IDNA2003.
https://bugzilla.redhat.com/show_bug.cgi?id=1449145
From that bug report:
Internationalized domain names exist for quite some time (IDNA2003), although
the protocols describing them have evolved in an incompatible way (IDNA2008).
These incompatibilities will prevent applications written for IDNA2003 to
access certain problematic domain names defined with IDNA2008, e.g., faß.de is
translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is
translated to fass.de domain. That not only causes incompatibility problems,
but may be used as an attack vector to redirect users to different web sites.
v2:
- keep libidn support
- require libidn2 >= 2.0.0
v3:
- keep dns_name_apply_idna caller dumb, and keep the #ifdefs inside of the
function.
- use both ±IDN and ±IDN2 in the version string
Some distros (openSUSE) don't have group shadow support enabled. This can lead
to the following error:
# systemd-sysusers
Creating group foofoo with gid 478.
# systemd-sysusers
# groupdel foofoo
# systemd-sysusers
Creating group foofoo with gid 478.
Failed to write files: File exists
This patch adds --disable-gshadow option to configure. If used,
systemd-sysvusers won't consider /etc/gshadow.
There's some confusion: older man pages specify that linux/random.h
contains getrandom, but newer glibc has it in sys/random.h. Detect if
the newer header is available and include it. We still need the older
header for the flags.
This is a partial revert of 2375607039. We still have code
guarded by HAVE_GLIB in tests.
v2:
- do not define the automake conditional, it wasn't used anywhere
- rename --disable-gudev to --disable-glib
v3:
- do not cause an error if the libs are not found, this is supposed
to be an "auto" dep by default.
Due to ARM not having an EFI capable objcopy we need to use the binary
output argument. This is correctly set up for AArch64 but is missed
when building for ARM32. This patch adds the ARCH_ARM automake define
which can then be used in the makefile to determine if to use the
correct linker flags.
The addition of the ARM32 flags is a copy and paste from the AArch64 to
create a logical OR for the ARCH_AARCH64 and ARCH_ARM variables. I
couldn't figure out a better way to create the conditional with basic
Make language constructs.
When the user provides the --with-efi-includedir we incorrectly search
for the header at /usr/include not the provided location. This patch
changes the check to use the provided value so that non-standard header
locations are supported.
This situation occurs commonly when cross-compiling systemd because the
GNU EFI headers and library will not be installed into the root
locations but highly likely a temporary system root.
We defined both $(VERSION) and $(PACKAGE_VERSION) with the same contents.
$(PACKAGE_VERSION) is slightly more descriptive, so settle on that, and
drop the other define.
We used ENABLE_LOGIND for the automake conditional, and HAVE_LOGIND
for the ifdef. That wasn't wrong, but it certainly was confusing.
Also, move the ifdeffery to avoid warning about unused static function
logind_set_wall_message() when logind is disabled.
Kernel default mode is 0600, but distributions change it to group kvm, mode
either 0660 (e.g. Debian) or 0666 (e.g. Fedora). Both approaches have valid
reasons (a stricter mode limits exposure to bugs in the kvm subsystem, a looser
mode makes libvirt and other virtualization mechanisms work out of the box for
unprivileged users over ssh).
In Fedora the qemu package carries the relevant rule, but it's nicer to have it
in systemd, so that the permissions are not dependent on the qemu package being
installed. Use of packaged qemu binaries is not required to make use of
/dev/kvm, e.g. it's possible to use a self-compiled qemu or some alternative.
https://bugzilla.redhat.com/show_bug.cgi?id=1431876
To accomodate both approaches, add a rule to set the mode in 50-udev-default.rules,
but allow the mode to be overridden with a --with-dev-kvm-mode configure rule.
The default is 0660, as the (slightly) more secure option.
The legacy *.pkla files are not required when running against polkit ≥ 106,
and we want to avoid shipping files in /var if possible (but pkla files
can only be in /etc/ or /var).
Only install the *.pkla files if we detect an old polkit version during
configure. Don't install them if polkit isn't installed during build, as
distributions other than Debian-based ones have moved to the new polkit
long ago.
Fixes#5523
It is expected that general-purpose distributions might want to override this.
This commit is made separate from grandparent to make it easy to revert if
needed.
v2:
- use hybrid as the default
(We tested that the default of unified seems boot correctly everywhere and behave
correctly in general, but it is incompatible with docker/lxc and probably some
other tools, so for now we default to hybrid. The new "hybrid" mode should work
be OK for those tools.)
Fixes#4669.
We have ./configure switches for various parts of non-essential functionality,
let's add one for this new stuff too. Support for environment generators is
not conditional — if you don't want them, just don't install any.
This is pretty important, and we print this string during startup, so putting
the default hierarchy information might help with diagnosis if things go awry.
$ ./systemctl --version
systemd 232
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN default-hierarchy=legacy
v2: make the message nicer by including the ./configure option argument
directly in output
The default default is set to "legacy", with "hybrid" and "unified"
being the other two alternatives.
There invert the behaviour for systemd.legacy_systemd_cgroup_controller:
if it is not specified on the kernel command line, "hybrid" is used if
selected as the default. If this option is specified, "hybrid" is used if false,
and full "legacy" if true.
Also make all fields in the configure summary lowercase (unless they are
capitalized names) for consistency.
v2:
- update for the fixed interpreation of systemd.legacy_systemd_cgroup_controller
explicit_bzero was added in glibc 2.25. Make use of it.
explicit_bzero is hardcoded to zero the memory, so string erase now
truncates the string, instead of overwriting it with 'x'. This causes
a visible difference only in the journalctl case.
Ubuntu 14.04 (Trusty) kernel header packages ship without
<linux/vm_sockets.h>. Only struct sockaddr_vm and VMADDR_CID_ANY will
be needed by systemd and they are simple enough to go in missing.h.
CentOS 7 <sys/socket.h> does not define AF_VSOCK. Define it so the code
can compile although actual socket(2) calls may fail at runtime if the
address family isn't available.
gperf-3.1 generates lookup functions that take a size_t length
parameter instead of unsigned int. Test for this at configure time.
Fixes: https://github.com/systemd/systemd/issues/5039
"sushell" is a Fedora-specific concept, shipped as part of
"initscripts". We shouldn't actively search for it if we can avoid it.
Hence, lets now default to /bin/sh as debug shell on all systems, and
permit Fedora to override that for their RPMs via --with-debug-shell= at
configure time.
We currently don't expect any warnings about format strings, on any
architecture (#4612 removed the last few warnings). Turn those warnings into
errors in the future.
As requested by Martin Pitt.
gcc documentation says that -Wformat=2 includes -Wformat-security and
-Wformat-nonliteral so don't include them explicitly.
Let's start placing our D-Bus policy files in /usr rather than /etc. D-Bus
supports this since 1.9.18, and moving our files over means we continue to work
even if /etc is flushed out entirely (for example if systemd-nspawn's
--volatile= switch is used).
Since 1.9.18 was released summer 2015 it should be fine to require a newer
version like this for our builds.
https://lists.freedesktop.org/archives/dbus/2015-July/016746.html
lz4 upstream decided to switch to an incompatible numbering scheme
(1.7.3 follows 131, to match the so version).
PKG_CHECK_MODULES does not allow two version matches for the same package,
so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
"new" numbers (anything below 10 is assume to be new), once for the "old"
numbers (anything above >= 125). This assumes that the "new" versioning
will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
mature project.
Fixed#4690.
Zbigniew Jędrzejewski-Szmek