Commit Graph

186 Commits

Author SHA1 Message Date
Iwan Timmer 096cbdce13 resolved: basic OpenSSL support for DNS-over-TLS
This provides basic OpenSSL support without optimizations like TCP Fast Open and TLS Session Tickets.
Notice only a single SSL library can be enabled at a time and therefore journald functions provided by GnuTLS will be disabled when using OpenSSL.
Fixes #9531
2018-07-27 21:23:17 +01:00
Lennart Poettering 2b2b7228bf pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS
Since D-Bus 1.9.14 (2015-03-02) dbus looks in $XDG_RUNTIME_DIR/bus for
the system bus on its own, hence we can finally drop setting this
environment variable. gdbus since glib 2.45.3 (June 2015) also supports
it.
2018-07-25 16:09:33 +02:00
Yu Watanabe 7a6397d2b3 meson: use has_link_argument() and friends
This bumps the minimum required version of meson to 0.46, as
`has_link_argument()` and friends are supported since 0.46.
2018-07-24 01:31:22 +09:00
Yu Watanabe ac09340e85 meson: use integer type in options
This bumps the minimum required version of meson to 0.45 and
python to 3.5, as integer type option is supported since meson-0.45
and meson-0.45 requires python-3.5.
2018-07-24 01:31:21 +09:00
Lennart Poettering 1815dfbbfc README: clarify that not only systemd should use prefix=/usr, but its deps too
See: #9547
2018-07-17 06:37:06 -07:00
Zbigniew Jędrzejewski-Szmek d35f51ea84 tree-wide: use "polkit" to refer to PolicyKit/polkit
Back in 2012 the project was renamed, see the release notes for v 0.105
[https://cgit.freedesktop.org/polkit/tree/NEWS#n754]. Let's update our
documentation and comments to do the same. Referring to PolicyKit is confusing
to users because at the time the polkit api changed too, and we support the new
version. I updated NEWS too, since all the references to PolicyKit there were
added after the rename.

"PolicyKit" is unchanged in various URLs and method call names.
2018-07-16 12:44:24 +02:00
Yu Watanabe f02582f69f meson: check whether gnutls supports TCP fast open
Fixes #9403
2018-06-26 00:30:29 +09:00
Zbigniew Jędrzejewski-Szmek d18cb3937b Turn VALGRIND variable into a meson configuration switch
Configuration through environment variable is inconvenient with meson, because
they cannot be convieniently changed and/or are not preserved during
reconfiguration (https://github.com/mesonbuild/meson/issues/1503).
This adds -Dvalgrind=true/false, which has the advantage that it can be set
at any time with meson configure -Dvalgrind=... and ninja will rebuild targets
as necessary. Additional minor advantages are better consistency with the
options for hashmap debugging, and typo avoidance with '#if' instead of '#ifdef'.
2018-05-17 09:54:36 -07:00
Yu Watanabe fa0471cdc2 doc: mention the required minimum version of meson and python 2018-05-10 15:31:06 +09:00
Yu Watanabe a42d4f5741 doc: update hosts nsswitch setting to which consistent to man pages 2018-05-01 15:18:10 +09:00
Yu Watanabe 2a46c4b739 doc: drop static user systemd-timesync from README 2018-05-01 15:16:39 +09:00
Yu Watanabe f959c5c66f doc: drop static user systemd-journal-gateway from README
and add systemd-journal-remote instead.
2018-05-01 15:15:48 +09:00
Zbigniew Jędrzejewski-Szmek 94ac201ac2 README: mention systemd-stable
Fixes #8564.

https://www.freedesktop.org/wiki/Software/systemd/Backports/ has already been
adjusted.
2018-03-26 15:28:03 +02:00
Alan Jenkins 45a582d536 README: fix context for CONFIG_DEVPTS_MULTIPLE_INSTANCES
`newinstance` (and `ptmxmode`) options of devpts are _not_ used by
PrivateDevices=.  (/dev/pts is shared, similar to how /dev/shm and
/dev/mqueue are handled).  It is used by nspawn containers though.

Also CONFIG_DEVPTS_MULTIPLE_INSTANCES was removed in 4.7-rc2
eedf265aa0
and no longer needs to be set, so make that clearer to avoid confusion.
2018-01-17 18:04:27 +00:00
George G 0ceced3d9a README: EXT4_POSIX_ACL -> EXT4_FS_POSIX_ACL (#7799)
EXT4_POSIX_ACL doesn't exist.
2018-01-04 08:53:44 +01:00
Andrew Jeddeloh b1b96380fe README: add requirements for IPAddress{Allow,Deny} (#7414)
Document kernel options needed for IPAddress{Allow,Deny}.
2017-11-21 23:54:20 +01:00
Lennart Poettering 2422bd21c8 README,sysusers: complete and order list of default udev groups we need
Let's make sure the list of default udev groups we need are ordered in
README and in the sysusers.d snippet, and both are complete.
2017-11-20 12:34:28 +01:00
Lennart Poettering 9e93f6f092 README: slightly update the section about split /usr
It's fine if /usr is actually on a separate fs. What matters is that it
is mounted early enough. Say so.
2017-11-20 12:34:28 +01:00
Lennart Poettering 01c8938e54 README: document that prefix *must* be /usr and nss-systemd is not an option
See: #7374
2017-11-20 12:30:57 +01:00
Zbigniew Jędrzejewski-Szmek d79a2f5fab po: add a copy of polkit its rules
It's just a few lines, but this way we avoid a dependency on polkit, and
can use meson's i18n stuff on older distros.
2017-11-14 16:18:27 +01:00
Zbigniew Jędrzejewski-Szmek c81217920e i18n: drop intltool use, use meson's merge_file directly
This didn't work during the initial conversion to meson, but should now.
A sufficiently new polkit is also required, for the .its rules files.

Note that https://github.com/mesonbuild/meson/blob/master/docs/markdown/i18n-module.md
says that 'install' argument was added in meson 0.43.0. If this is accurate,
warnigs might be generated with older mesons. Fedora has 0.43.0 across the
board, but other distros probably don't, but I guess that a warning is
prefereable to having to update do latest meson.

The advantages are:
- one less dependency (intltool)
- using the generic implementation instead of our open-coded calls
- we don't need to use the fake "_" prefixes in XML

Replaces #1609, fixes #7300.
2017-11-13 21:35:28 +01:00
Zbigniew Jędrzejewski-Szmek d6e8096669 build-sys: require libmount >= 2.30 (#6795)
Fixes #4871.

The new libmount has two changes relevant for us:

- x-* options are propagated to /run/mount/utab and are visible through
  libmount (fixes #4817).

- umount -c now really works (partially solves #6115).
2017-09-15 14:47:57 +02:00
Michal Sekletar 7817154d5a README: note that installing valgrind-devel maybe useful to developers (#6502)
Commit also mentions that when running under valgrind we actually don't
execve() systemd-shutdown. We have a comment about this in the code, but
being upfront about this change in behavior doesn't hurt.
2017-08-30 13:07:43 +02:00
Mike Gilbert 8f968c7321 Revert "README: document that gperf 3.1 is required for building now" (#6541)
This reverts commit 4f5e972279.

Building with gperf 3.0 works just fine; we had an autoconf check to
determine the correct data types, and this check was ported to meson.
2017-08-05 18:30:37 -04:00
Dimitri John Ledkov 582faeb461 modprobe.d: ship drop-in to set bonding max_bonds to 0 (#6448)
This allows networkd to correctly manage bond0 using networkd, when requested
by the user.

Fixes #5971 #6184
2017-08-02 08:41:18 -04:00
Lennart Poettering f5a93d5db1 README: document that max_bonds=0 is the way to go for bonding.ko
Everything else just is annoying, hence let's list this among the
requirements we make on the kernel in order to minimize confusion
leading to #6184 and suchlike.
2017-07-24 11:49:16 +02:00
Zbigniew Jędrzejewski-Szmek 72cdb3e783 build-sys: drop automake support
v2:
- also mention m4
2017-07-18 10:04:44 -04:00
Lennart Poettering 3823da25cf Merge pull request #5928 from keszybz/libidn2
Use idn2 instead of idn
2017-05-12 12:01:40 +02:00
Zbigniew Jędrzejewski-Szmek f089206caa README: update util-linux required compilation options (#5949)
Fixes #5563.
2017-05-12 10:49:48 +02:00
Zbigniew Jędrzejewski-Szmek 87057e244b resolved: support libidn2 in addition to libidn
libidn2 2.0.0 supports IDNA2008, in contrast to libidn which supports IDNA2003.

https://bugzilla.redhat.com/show_bug.cgi?id=1449145
From that bug report:

Internationalized domain names exist for quite some time (IDNA2003), although
the protocols describing them have evolved in an incompatible way (IDNA2008).
These incompatibilities will prevent applications written for IDNA2003 to
access certain problematic domain names defined with IDNA2008, e.g., faß.de is
translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is
translated to fass.de domain. That not only causes incompatibility problems,
but may be used as an attack vector to redirect users to different web sites.

v2:
- keep libidn support
- require libidn2 >= 2.0.0
v3:
- keep dns_name_apply_idna caller dumb, and keep the #ifdefs inside of the
  function.
- use both ±IDN and ±IDN2 in the version string
2017-05-11 14:25:01 -04:00
Zbigniew Jędrzejewski-Szmek 3e609a8ad3 README: update with meson instructions
v2:
- call the project ninja-build and the executable ninja.
  (/usr/bin/ninja-build is a fedora-ism, hopefully gone soon.)
2017-04-23 21:47:29 -04:00
Lennart Poettering 4f5e972279 README: document that gperf 3.1 is required for building now 2017-03-30 11:54:23 +02:00
Michael Biebl dcce98a4bd Avoid strict DM interface version dependencies (#5519)
Compiling against the dm-ioctl.h header as provided by the Linux kernel
will embed the DM interface version number. Running an older kernel can
result in an error like this on shutdown:

Could not detach DM dm-11: ioctl mismatch, kernel(4.34.4), user(4.35.4)

Work around this by shipping a local copy of dm-ioctl.h. We need at
least the version from 3.13 for DM_DEFERRED_REMOVE [1], so bump the
requirements in README accordingly.

[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c140a246dc0bc085b98eddde978060fcec1080c

Fixes: #5492
2017-03-02 19:11:37 +01:00
Mike Gilbert 9c7f7d86f8 README: document dependency on kernel crypto/hash API (#5457)
The hmac and sha256 algorithms are used in sd-id128.

Closes: https://github.com/systemd/systemd/issues/5454
Closes: https://github.com/systemd/systemd/issues/5455
2017-02-25 22:42:27 -05:00
AsciiWolf c6749ba52c NEWS, README: use www prefix in freedesktop.org URLs 2017-02-21 18:26:23 +01:00
AsciiWolf 19d9372b60 README, README.md: use https:// in URLs 2017-02-21 15:56:04 +01:00
Lennart Poettering c8c13d35c6 Merge pull request #5319 from keszybz/test-execute
test-execute without capsh
2017-02-13 15:29:40 +01:00
Michael Shields 501bf2d5d2 It's now ok to use Google NTP servers (#5311) 2017-02-12 00:30:40 -05:00
Zbigniew Jędrzejewski-Szmek e94681ad15 README: document capsh's usefulness 2017-02-12 00:26:19 -05:00
Lennart Poettering 0ca48bb0e8 README: suffix unit file options with "=" 2017-02-06 21:13:29 +01:00
Lucas Werkmeister 87fe170749 README: document CONFIG_USER_NS requirement for PrivateUsers (#5140) 2017-01-23 21:18:07 -05:00
Mike Gilbert ecf4f0a8de build-sys: revert dbus >= 1.9.18 requirement (#4924)
Instead, document the necessary step to utilize older dbus versions.
2016-12-20 10:53:53 +01:00
Zbigniew Jędrzejewski-Szmek 52b2f6b35d README: bump dbus dep
We should also mention this in NEWS before release. Suggested text:
> DBus policy files are now installed into /usr rather than /etc. Make sure
> your system has dbus = 1.9.18 running before upgrading to this version, or
> override the install path with --with-dbuspolicydir=
2016-12-17 09:26:44 -05:00
Zbigniew Jędrzejewski-Szmek a2fc3d87fb README: list dependencies for testing
Fixes #4365.
2016-10-17 16:54:27 +00:00
hbrueckner 6abfd30372 seccomp: add support for the s390 architecture (#4287)
Add seccomp support for the s390 architecture (31-bit and 64-bit)
to systemd.

This requires libseccomp >= 2.3.1.
2016-10-05 13:58:55 +02:00
Felipe Sateler fd74fa791f README: document that CONFIG_SECCOMP_FILTER is required for SECCOMP support 2016-09-06 20:25:49 -03:00
Lennart Poettering 409093fe10 nss: add new "nss-systemd" NSS module for mapping dynamic users
With this NSS module all dynamic service users will be resolvable via NSS like
any real user.
2016-07-22 15:53:45 +02:00
Lennart Poettering d5bd92bbbe README: document that we only support util-linux built with --enable-libmount-force-mountinfo
Fixes: #2978
2016-04-12 13:43:33 +02:00
Zbigniew Jędrzejewski-Szmek 58015d7815 README: bump kernel version to 3.12
It is required for %P is sysctl kernel.core_pattern.

Fixes #2800.
2016-03-05 11:22:45 -05:00
Daniel Mack 232c84b2d2 Remove systemd-bootchart
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
2016-02-23 13:30:09 +01:00