Florian Klink
d3ccb1b4ba
network: fix IPv6PrivacyExtensions=kernel handling
When set to "kernel", systemd is not supposed to touch that sysctl.
5e0534f1c1, part of
https://github.com/systemd/systemd/pull/17240 forgot to handle that
case.
Fixes https://github.com/systemd/systemd/issues/18003
2020-12-24 08:54:20 +09:00
Florian Klink
7eeaf72b88
network: fix typo
IPv6 privacy extensions are plural, not singular.
2020-12-23 12:56:45 +01:00
Jonathan G. Underwood
227acf0009
cryptsetup: add support for workqueue options
This commit adds support for disabling the read and write
workqueues with the new crypttab options no-read-workqueue
and no-write-workqueue. These correspond to the cryptsetup
options --perf-no_read_workqueue and --perf-no_write_workqueue
respectively.
2020-12-23 11:07:48 +00:00
pali
5fc3b26125
udev: Updates for cdrom_id helper
The cdrom_id udev helper does not parse all MMC profiles. The following change
fixes this issue and parses all 34 profiles from all MMC standard versions.
It also replaces magic constants with macros provided by linux/cdrom.h and
fixes cd_profiles_old_mmc() to issue the READ_DISC_INFO command in two steps,
as the kernel and also mkudffs do.
2020-12-22 15:21:29 +09:00
Luca Boccassi
8bab802910
basic: add make_mount_point_inode helper
Creates a file or a directory depending on the source path, useful
for creating mount points.
2020-12-21 21:48:13 +01:00
Yu Watanabe
9df1e11e31
udev: fix memleak
Fixes #18039.
2020-12-21 16:55:56 +01:00
Yu Watanabe
8786d4bbe4
journal-importer: ignore invalid field at one more place
Fixes oss-fuzz#28817.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28817
2020-12-21 12:40:44 +00:00
Frantisek Sumsal
84fa67f0ef
cryptenroll: drop an unused variable
Fixes following warning/error w/ clang:
../src/cryptenroll/cryptenroll-tpm2.c:64:64: error: unused variable 'a' [-Werror,-Wunused-variable]
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *a = NULL;
^
1 error generated.
2020-12-20 22:15:52 +01:00
Yu Watanabe
d1a61dfa69
tmpfiles: fix typo
Follow-up for 94566540e3.
2020-12-19 00:58:22 +09:00
Yu Watanabe
8a5a01d19c
Merge pull request #18019 from yuwata/hostname-drop-libudev
hostname: fix build failure
2020-12-19 00:57:36 +09:00
Yu Watanabe
3693cbacf7
memory-id: fix never hit condition
As sizeof(int64_t) is always 8.
2020-12-18 23:13:21 +09:00
Yu Watanabe
0be6dee2c2
hostname: fix build failure
Follow-up for b9d8069832.
libudev.h was dropped from most of our binaries.
2020-12-18 23:11:02 +09:00
Lennart Poettering
9bd6ee8d5d
Merge pull request #15531 from felipeborges/add-device-model-field-to-hostnamed
hostnamed: Add "Model" field
2020-12-18 14:26:32 +01:00
Devon Pringle
16c89e649d
networkd: add RouteDenyList
Allow configuration for IPv6 discovered routes to be ignored instead of
adding them as a route. This can be used to block unwanted routes, for
example, you may wish to not receive some set of routes on an interface
if they are causing issues.
2020-12-18 21:44:32 +09:00
Yu Watanabe
af42881bf9
Merge pull request #18015 from keszybz/dmi-test-mesonification2
Dmi test mesonification2
2020-12-18 21:44:00 +09:00
Yu Watanabe
9f62de5762
Merge pull request #18011 from yuwata/trivial-fixes
Trivial fixes for recently merged PRs
2020-12-18 20:12:02 +09:00
Yu Watanabe
fd4835bdf8
Merge pull request #17693 from yuwata/tmpfiles-compress-nocow-on-btrfs
tmpfiles: try to set file attributes one by one
2020-12-18 16:52:29 +09:00
Yu Watanabe
ee672fd30b
Merge pull request #18009 from poettering/time-set-sync-target
tweaks for time-sync.target and time-set.target
2020-12-18 16:02:56 +09:00
Yu Watanabe
eca248640b
netlink: fix size of fib rule messages
2020-12-18 13:27:44 +09:00
Yu Watanabe
8940baac4d
meson: sort files
2020-12-18 13:27:44 +09:00
Yu Watanabe
479667c497
nspawn: sort headers
2020-12-18 13:27:44 +09:00
Yu Watanabe
ce9dc1fd8b
netlink: fix indentation
2020-12-18 13:27:44 +09:00
Yu Watanabe
a73f080727
netlink: drop unnecessary error handling
2020-12-18 13:27:44 +09:00
Yu Watanabe
faa0d69c6c
netlink: use whitespace instead of tab
2020-12-18 13:27:44 +09:00
Yu Watanabe
f6dab7489e
sd-netlink: add several assertions
2020-12-18 13:27:40 +09:00
Yu Watanabe
2d1ad72456
sd-netlink: replace *messages[] -> **messages
2020-12-18 13:11:06 +09:00
Yu Watanabe
ec87f63c0e
meson: add missing headers
2020-12-18 13:05:19 +09:00
Yu Watanabe
517fdd61ed
network: move variable declaration
2020-12-18 13:00:57 +09:00
Yu Watanabe
458610429f
tree-wide: fix typo
2020-12-18 12:59:29 +09:00
Yu Watanabe
94566540e3
tmpfiles: try to set file attributes one by one
Closes #17690.
2020-12-18 12:35:57 +09:00
Yu Watanabe
459631a0f9
chattr-util: introduce fallback mode to set file attributes one by one
2020-12-18 12:33:43 +09:00
Susant Sahani
d7d1d18fd2
network: Allow to configure unreachable/blackhole RoutingPolicyRule (#17984)
2020-12-18 12:21:15 +09:00
Lennart Poettering
fe934b42e4
core: order timer units after both time-sync.target and time-set.target
If users do not enable a service like systemd-time-wait-sync.target
(because they don't want to delay boot for external events, such as an
NTP sync), then timers should still take the weaker time-set.target
feature into account, so that the clock is at least monotonic.
Hence, order timer units after both of the targets: time-sync.target
*and* time-set.target. That way, the right thing will happen regardless
if people have no NTP server (and thus also no
systemd-time-wait-sync.service or equivalent), or only have an NTP
server (and no systemd-time-wait-sync.service), or have both.
Ordering after time-set.target is basically "free". The logic it is
backed by should be instant, without communication with the outside
going on. It's useful still so that time servers that implement the
timestamp from /var/ logic can run in later boot.
2020-12-17 20:21:46 +01:00
Lennart Poettering
1abaa19781
fido2: when listing fido2/hmac-secret devices, actually validate feature set
2020-12-17 20:02:28 +01:00
Lennart Poettering
a60d5b2f38
test: add tpm2 and fido2 libs to dlopen test
2020-12-17 20:02:24 +01:00
Lennart Poettering
889914ef6c
repart: optionally lock encrypted partitions to TPM2
This is useful for bootstrapping encrypted systems: on first boot let's
create a /var/ partition that is locked to the local TPM2.
2020-12-17 20:02:20 +01:00
Lennart Poettering
5f0ab16198
string-table: add private version of lookup macro with boolean fallback
2020-12-17 20:02:14 +01:00
Lennart Poettering
18843ecc2a
cryptsetup: add support for TPM2 unlocking of volumes
2020-12-17 20:02:03 +01:00
Lennart Poettering
d2fafc423d
cryptenroll: support listing and wiping tokens
2020-12-17 20:01:52 +01:00
Lennart Poettering
5e521624f2
cryptenroll: add support for TPM2 enrolling
2020-12-17 20:01:31 +01:00
Lennart Poettering
2d64d2b955
json: add APIs for quickly inserting hex blobs into as JSON strings
This is similar to the base64 support, but fixed-size hash values are
typically preferably presented as series of hex values, hence store them
here like that too.
2020-12-17 20:01:17 +01:00
Lennart Poettering
1403d48d61
sort-util: make cmp_int() generic, so that we can reuse it elsewhere
2020-12-17 20:01:02 +01:00
Lennart Poettering
8710a6818e
cryptenroll: add new "systemd-cryptenroll" tool for enrolling FIDO2+PKCS#11 security tokens
2020-12-17 20:00:51 +01:00
Lennart Poettering
2bc5c425e6
cryptsetup: add fido2 support
2020-12-17 20:00:41 +01:00
Lennart Poettering
e3fb662b67
fido2: don't use up/uv/rk when device doesn't support it
Apparently devices are supposed to generate failures if we try to turn
off features they don't have. Thus don't.
Prompted-by: https://github.com/systemd/systemd/issues/17784#issuecomment-737730395
2020-12-17 20:00:27 +01:00
Lennart Poettering
ebcb3f38d2
homed: split out HMAC-HASH fido2 decode code into src/shared/
That way we can use it later on in systemd-cryptsetup to unlock devices
with FIDO2 tokens.
2020-12-17 20:00:15 +01:00
Lennart Poettering
17599e129b
homed: move fido2 setup code to src/shared/
That way we can reuse it from systemd-cryptenroll
2020-12-17 20:00:03 +01:00
Lennart Poettering
fb2d839c06
homed: move fido2 device enumeration logic to shared code
2020-12-17 19:59:50 +01:00
Lennart Poettering
69cb28965b
homed: turn libfido2 into a dlopen() type dependency
2020-12-17 19:59:32 +01:00
Lennart Poettering
b8c80b56d1
cryptsetup: split up attach_luks_or_plain_or_bitlk() into smaller functions
Just some refactoring.
2020-12-17 19:59:28 +01:00