Systemd/src
Lennart Poettering 0c85702874 resolved: partially implement RFC5011 Trust Anchor support
With this patch resolved will properly handle revoked keys, but not
augment the locally configured trust anchor database with newly learned
keys.

Specifically, resolved now refuses validating RRsets with
revoked keys, and it will remove revoked keys from the configured trust
anchors (only until reboot).

This patch does not add logic for adding new keys to the set of trust
anchors. This is a deliberate decision as this only can work with
persistent disk storage, and would result in a different update logic
for stateful and stateless systems.  Since we have to support stateless
systems anyway, and don't want to encourage two independent upgrade
paths we focus on upgrading the trust anchor database via the usual OS
upgrade logic.

Whenever a trust anchor entry is found revoked and removed from the
trust anchor a recognizable log message is written, encouraging the user
to update the trust anchor or update his operating system.
2016-01-04 22:42:10 +01:00
ac-power
activate util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
analyze analyze: verify verifies templates too 2015-12-14 07:11:03 +00:00
ask-password strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_ 2015-10-19 23:13:07 +02:00
backlight tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
basic Merge pull request #2245 from ssahani/socket1 2016-01-03 14:19:37 +01:00
binfmt defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
boot tree-wide: sort includes 2015-11-16 22:09:36 +01:00
bootchart tree-wide: sort includes in *.h 2015-11-18 23:09:02 +01:00
bus-proxyd tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
cgls tests: turn check if manager cannot be initialized into macro 2015-12-02 09:50:00 -05:00
cgroups-agent tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
cgtop tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
compat-libs #pragma once here and there 2015-01-23 09:30:44 -05:00
core core: socket options fix SCTP_NODELAY 2015-12-31 12:05:57 +05:30
cryptsetup tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
dbus1-generator treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
debug-generator debug-generator: respect kernel parameters for default unit setting 2015-11-03 14:47:39 +03:00
delta treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
detect-virt detect-virt: add new --chroot switch to detect chroot() environments 2015-10-27 13:25:57 +01:00
escape util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
firstboot firstboot: log on take_etc_passwd_lock error too 2015-11-15 18:30:26 +00:00
fsck tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
fstab-generator fstab-gen: post can't be NULL 2015-11-25 21:21:44 +01:00
getty-generator util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
gpt-auto-generator tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
hibernate-resume tree-wide: sort includes 2015-11-16 22:09:36 +01:00
hostname treewide: fix typos and indentation 2015-12-14 15:53:11 +01:00
hwdb tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
import importd: drop dkr support 2015-12-10 16:54:41 +01:00
initctl tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
journal Merge pull request #2158 from keszybz/journal-decompression 2015-12-23 21:31:07 +01:00
journal-remote Add Seal option in the configuration file for journald-remote 2015-12-20 13:23:33 +01:00
kernel-install 90-loaderentry.install: fixup BOOT_OPTIONS 2015-06-02 16:10:06 +02:00
libsystemd Merge pull request #2241 from poettering/dnssec9 2016-01-01 11:19:19 +01:00
libsystemd-network Merge pull request #2223 from ssahani/lldp 2015-12-25 00:40:07 -05:00
libudev libudev: simplify udev_device_ensure_usec_initialized a bit 2015-12-07 00:44:14 -05:00
locale tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
login Fix typo on logind-dbus.c 2015-12-19 12:46:09 +01:00
machine importd: drop dkr support 2015-12-10 16:54:41 +01:00
machine-id-setup tree-wide: sort includes 2015-11-16 22:09:36 +01:00
modules-load defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
network tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
notify util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
nspawn nspawn: userns and unified cgroup: chown cgroup.events 2015-12-28 14:30:56 +01:00
nss-myhostname util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
nss-mymachines tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
nss-resolve tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
path util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
quotacheck tree-wide: sort includes 2015-11-16 22:09:36 +01:00
random-seed util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
rc-local-generator treewide: apply errno.cocci 2015-11-09 20:01:06 +01:00
remount-fs remount-fs: modernize coding style a bit 2015-11-17 00:52:10 +01:00
reply-password util-lib: split out fd-related operations into fd-util.[ch] 2015-10-25 13:19:18 +01:00
resolve resolved: partially implement RFC5011 Trust Anchor support 2016-01-04 22:42:10 +01:00
resolve-host resolve: add RFC4501 URI support to systemd-resolve-host 2016-01-03 12:59:26 +01:00
rfkill tree-wide: group include of libudev.h with sd-* 2015-11-17 07:06:08 +01:00
run tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
shared shared: relax restrictions on valid domain name characters a bit 2015-12-28 14:46:39 +01:00
sleep util-lib: split out fd-related operations into fd-util.[ch] 2015-10-25 13:19:18 +01:00
socket-proxy util-lib: split out allocation calls into alloc-util.[ch] 2015-10-27 13:45:53 +01:00
sysctl defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
system-update-generator util-lib: move a number of fs operations into fs-util.[ch] 2015-10-27 13:25:56 +01:00
systemctl tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
systemd resolved: partially implement RFC5011 Trust Anchor support 2016-01-04 22:42:10 +01:00
sysusers defs: rework CONF_DIRS_NULSTR() macro 2015-11-10 17:31:31 +01:00
sysv-generator install: follow unit file symlinks in /usr, but not /etc when looking for [Install] data 2015-11-12 17:57:04 +01:00
test shared: relax restrictions on valid domain name characters a bit 2015-12-28 14:46:39 +01:00
timedate tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
timesync tree-wide: sort includes in *.h 2015-11-18 23:09:02 +01:00
tmpfiles tmpfiles: create subvolumes for "v", "q", and "Q" only if / is a subvolume 2015-11-16 15:25:42 +01:00
tty-ask-password-agent tty-ask-password-agent: fix typo in error message 2015-11-05 13:44:01 +01:00
udev Merge pull request #2110 from keszybz/udev-indentation 2015-12-09 14:18:37 +01:00
update-done util-lib: split out IO related calls to io-util.[ch] 2015-10-26 01:24:38 +01:00
update-utmp tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy 2015-11-27 19:19:36 +01:00
user-sessions user-sessions: make sure /run/nologin has correct SELinux label 2015-12-04 22:01:17 +01:00
vconsole treewide: use the negative error codes returned by our functions 2015-11-05 13:44:06 +01:00
.gitignore
Makefile