mirror of
https://github.com/systemd/systemd.git
synced 2024-11-27 04:03:36 +08:00
sysupdate: Implement systemd-sysupdated dbus service
Co-authored-by: Tom Coldrick <thomas.coldrick@codethink.co.uk> Co-authored-by: Abderrahim Kitouni <abderrahim.kitouni@codethink.co.uk>
This commit is contained in:
parent
2656f44c3c
commit
bf2c741fd7
487
man/org.freedesktop.sysupdate1.xml
Normal file
487
man/org.freedesktop.sysupdate1.xml
Normal file
@ -0,0 +1,487 @@
|
||||
<?xml version='1.0'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" >
|
||||
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
||||
|
||||
<refentry id="org.freedesktop.sysupdate1" conditional='ENABLE_SYSUPDATE'
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||||
<refentryinfo>
|
||||
<title>org.freedesktop.sysupdate1</title>
|
||||
<productname>systemd</productname>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>org.freedesktop.sysupdate1</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>org.freedesktop.sysupdate1</refname>
|
||||
<refpurpose>The D-Bus interface of systemd-sysupdated</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsect1>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd-sysupdated.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
is a system service that allows unprivileged clients to update the system. This page describes the D-Bus
|
||||
interface.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>The Manager Object</title>
|
||||
|
||||
<para>The service exposes the following interfaces on the Manager object on the bus:</para>
|
||||
|
||||
<programlisting executable="systemd-sysupdated" node="/org/freedesktop/sysupdate1" interface="org.freedesktop.sysupdate1.Manager">
|
||||
node /org/freedesktop/sysupdate1 {
|
||||
interface org.freedesktop.sysupdate1.Manager {
|
||||
methods:
|
||||
ListTargets(out a(sso) targets);
|
||||
ListJobs(out a(tsuo) jobs);
|
||||
ListAppStream(out as urls);
|
||||
signals:
|
||||
JobRemoved(t id,
|
||||
o path,
|
||||
i status);
|
||||
};
|
||||
interface org.freedesktop.DBus.Peer { ... };
|
||||
interface org.freedesktop.DBus.Introspectable { ... };
|
||||
interface org.freedesktop.DBus.Properties { ... };
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
<!--Autogenerated cross-references for systemd.directives, do not edit-->
|
||||
|
||||
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.sysupdate1.Manager"/>
|
||||
|
||||
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.sysupdate1.Manager"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="ListTargets()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="ListJobs()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="ListAppStream()"/>
|
||||
|
||||
<variablelist class="dbus-signal" generated="True" extra-ref="JobRemoved()"/>
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
|
||||
<refsect2>
|
||||
<title>Methods</title>
|
||||
|
||||
<para><function>ListTargets()</function> returns a list all known update targets. It returns
|
||||
an array of structures which consist of a string indicating the target's class (see Target's
|
||||
<varname>Class</varname> property below for an explanation of the possible values), a string
|
||||
with the name of the target, and the target object path.</para>
|
||||
|
||||
<para><function>ListJobs()</function> returns a list all ongoing jobs. It returns
|
||||
an array of structures which consist of a numeric job ID, a string indicating the job type (see Job's
|
||||
<varname>Type</varname> property below for an explanation of the possible values), the job's progress,
|
||||
and the job's object path.</para>
|
||||
|
||||
<para><function>ListAppStream()</function> returns an array of all the appstream catalog URLs that this
|
||||
service knows about. See Target's <varname>GetAppStream()</varname> method below for more
|
||||
details.</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>Signals</title>
|
||||
|
||||
<para>The <function>JobRemoved()</function> signal is sent each time a job finishes,
|
||||
is canceled or fails. It also carries the job ID and object path, followed by a numeric status
|
||||
code. If the status is zero, the job has succeed. A positive status should be treated as an
|
||||
exit code (i.e. <literal>EXIT_FAILURE</literal>), and a negative status should be treated as a
|
||||
negative errno-style error code (i.e. <literal>-EINVAL</literal>).</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>The Target Object</title>
|
||||
|
||||
<para>A target is a component of the system (i.e. the host itself, a sysext, a confext, etc.) that
|
||||
can be updated by
|
||||
<citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<para>The service exposes the following interfaces on Target objects on the bus:</para>
|
||||
|
||||
<programlisting executable="systemd-sysupdated" node="/org/freedesktop/sysupdate1/target/host" interface="org.freedesktop.sysupdate1.Target">
|
||||
node /org/freedesktop/sysupdate1/target/host {
|
||||
interface org.freedesktop.sysupdate1.Target {
|
||||
methods:
|
||||
List(in t flags,
|
||||
out as versions);
|
||||
Describe(in s version,
|
||||
in t flags,
|
||||
out s json);
|
||||
CheckNew(out s new_version);
|
||||
Update(in s new_version,
|
||||
in t flags,
|
||||
out s new_version,
|
||||
out t job_id,
|
||||
out o job_path);
|
||||
Vacuum(out u count);
|
||||
GetAppStream(out as appstream);
|
||||
GetVersion(out s version);
|
||||
properties:
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly s Class = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly s Name = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly s Path = '...';
|
||||
};
|
||||
interface org.freedesktop.DBus.Peer { ... };
|
||||
interface org.freedesktop.DBus.Introspectable { ... };
|
||||
interface org.freedesktop.DBus.Properties { ... };
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
<!--Autogenerated cross-references for systemd.directives, do not edit-->
|
||||
|
||||
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.sysupdate1.Target"/>
|
||||
|
||||
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.sysupdate1.Target"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="List()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="Describe()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="CheckNew()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="Update()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="Vacuum()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="GetAppStream()"/>
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="GetVersion()"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Class"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Name"/>
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Path"/>
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
|
||||
<refsect2>
|
||||
<title>Methods</title>
|
||||
|
||||
<para><function>List()</function> returns a list of versions available for this target. The
|
||||
<varname>flags</varname> argument can be used to pass additional options, with bit 0 mapping to
|
||||
<option>offline</option>. When <option>offline</option> is true, this method returns only the versions
|
||||
installed locally. Otherwise, this method pulls metadata from the network and returns all versions
|
||||
available for this target. Use <function>Describe()</function> to query more information about each
|
||||
version returned by this method.</para>
|
||||
|
||||
<para><function>Describe()</function> returns all known information about a given version as a JSON
|
||||
object. The <varname>version</varname> argument is used to pass the version to be described. Additional
|
||||
options may be passed through the <varname>flags</varname> argument. The only supported value currently
|
||||
is <varname>SD_SYSTEMD_SYSUPDATE_OFFLINE</varname>, which prevents the call from accessing the network
|
||||
and restricts results to locally installed versions. This flag is defined as follows:</para>
|
||||
|
||||
<programlisting>
|
||||
#define SD_SYSTEMD_SYSUPDATE_OFFLINE (UINT64_C(1) << 0)
|
||||
</programlisting>
|
||||
|
||||
<para>The returned JSON object contains several known keys. More keys may be added in the future. The
|
||||
currently known keys are as follows:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>version</term>
|
||||
<listitem><para>A string containing the version number.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>newest</term>
|
||||
<listitem><para>A boolean indicating whether this version is the latest available for the target.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>available</term>
|
||||
<listitem><para>A boolean indicating whether this version is available for download.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>installed</term>
|
||||
<listitem><para>A boolean indicating whether this version is installed locally.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>obsolete</term>
|
||||
<listitem><para>A boolean indicating whether this version is considered obsolete by the service,
|
||||
and is therefore disallowed from being installed.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>protected</term>
|
||||
<listitem><para>A boolean indicating whether this version is exempt from deletion by a
|
||||
<function>Vacuum()</function> operation.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>changelog_urls</term>
|
||||
<listitem><para>A list of strings that contain user-presentable URLs to ChangeLogs associated with
|
||||
this version.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para><function>CheckNew()</function> checks if a newer version is available for this target. This
|
||||
method pulls metadata from the network. If a newer version is found, this method returns the
|
||||
version number. If no newer version is found, this method returns an empty string. Use
|
||||
<function>Describe()</function> to query more information about the version returned by this method.
|
||||
</para>
|
||||
|
||||
<para><function>Update()</function> installs an update for this target. If a
|
||||
<varname>new_version</varname> is specified, that is the version that gets installed. Otherwise, the
|
||||
latest version is installed. The <varname>flags</varname> argument is added for future
|
||||
extensibility. No flags are currently defined, and the argument is required to be set to
|
||||
<literal>0</literal>. Unlike all the other methods in this interface, <function>Update()</function>
|
||||
does not wait for its job to complete. Instead, it returns the job's numeric ID and object path as soon
|
||||
as the job begins, so that the caller can listen for progress updates or cancel the operation. This
|
||||
method also returns the version the target will be updated to, for cases where no version was specified
|
||||
by the caller. This method pulls both metadata and payload data from the network. Listen for the
|
||||
Manager's <function>JobRemoved()</function> signal to detect when the job is complete.</para>
|
||||
|
||||
<para><function>Vacuum()</function> deletes old installed versions of this target to free up space.
|
||||
It returns the number of instances that have been deleted.</para>
|
||||
|
||||
<para><function>GetAppStream()</function> returns a list of HTTP/HTTPS URLs to this target's
|
||||
<ulink url="https://wwww.freedesktop.org/software/appstream/docs/chap-CatalogData.html">appstream catalog</ulink>
|
||||
XML files. If this target has no appstream catalogs, the method will return an empty list. These
|
||||
catalog files can be used by software centers (such as GNOME Software or KDE Discover) to present rich
|
||||
metadata about the target, including a display name, changelog, icon, and more. The returned catalogs
|
||||
will include <ulink url="https://systemd.io/APPSTREAM_BUNDLE">special metadata</ulink> to allow the
|
||||
software center to correctly associate the catalogs with this target.</para>
|
||||
|
||||
<para><function>GetVersion()</function> returns the current version of this target, if any. The current
|
||||
version is the newest version that is installed. Note that this isn't necessarily the same thing as the
|
||||
booted or currently-in-use version of the target. For example, on the host system the booted version
|
||||
is the current version most of the time, but if an update is installed and pending a reboot it will
|
||||
become the current version instead. You can query the booted version of the host system via
|
||||
<varname>IMAGE_VERSION</varname> in <filename>/etc/os-release</filename>. If the target has no current
|
||||
version, the function will return an empty string.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>Properties</title>
|
||||
|
||||
<para>The <varname>Class</varname> property exposes the class of this target, which describes
|
||||
where it was enumerated. Possible values include: <literal>machine</literal> for containers and
|
||||
virtual machines managed by
|
||||
<citerefentry><refentrytitle>systemd-machined.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<literal>portable</literal> for <ulink url="https://systemd.io/PORTABLE_SERVICES">portable services</ulink>,
|
||||
<literal>sysext</literal> for system extensions managed by
|
||||
<citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<literal>confext</literal> for configuration extensions managed by
|
||||
<citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
<literal>component</literal> for components accepted by the <option>--component=</option> option of
|
||||
<citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||||
and <literal>host</literal> for the host system itself. At most one target will have a class of
|
||||
<literal>host</literal>.</para>
|
||||
|
||||
<para>The <varname>Path</varname> property exposes more detail about where this target was found.
|
||||
For <literal>machine</literal>, <literal>portable</literal>, <literal>extension</literal>, and
|
||||
<literal>confext</literal> targets, this is the file path to the image. For <literal>component</literal>
|
||||
and <literal>host</literal> targets, this is the name of a
|
||||
<citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
directory.</para>
|
||||
|
||||
<para>The <varname>Name</varname> property exposes the name of this target. Note that the name is
|
||||
unique within a class but is not necessarily unique between classes. For instance, it is possible
|
||||
to have both a <literal>portable</literal> target named <literal>foobar</literal> and an
|
||||
<literal>extension</literal> target named <literal>foobar</literal>, but it is not possible to have
|
||||
two <literal>portable</literal> targets named <literal>foobar</literal>.</para>
|
||||
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>Security</title>
|
||||
|
||||
<para>Method calls on this service are authenticated via
|
||||
<ulink url="https://www.freedesktop.org/software/polkit/docs/latest/">polkit</ulink>.</para>
|
||||
|
||||
<para><function>List()</function>, <function>Describe()</function>, and <function>CheckNew()</function>
|
||||
use the polkit action <interfacename>org.freedesktop.sysupdate1.check</interfacename>.
|
||||
By default, this action is permitted without administrator authentication.</para>
|
||||
|
||||
<para><function>Update()</function> uses the polkit action
|
||||
<interfacename>org.freedesktop.sysupdate1.update</interfacename> when no version is specified.
|
||||
By default, this action is permitted without administrator authentication. When a version is
|
||||
specified, <interfacename>org.freedesktop.sysupdate1.update-to-version</interfacename> is
|
||||
used instead. By default, this alternate action requires administrator authentication.</para>
|
||||
|
||||
<para><function>Vacuum()</function> uses the polkit action
|
||||
<interfacename>org.freedesktop.sysupdate1.vacuum</interfacename>. By default, this action requires
|
||||
administrator authentication.</para>
|
||||
|
||||
<para><function>GetAppStream()</function> and <function>GetVersion()</function> are unauthenticated and
|
||||
may be called by anybody.</para>
|
||||
|
||||
<para>All methods called on this interface expose additional variables to the polkit rules.
|
||||
<literal>class</literal> contains the class of the Target being acted upon, and <literal>name</literal>
|
||||
contains the name of the same Target. Additionally, each method exposes its arguments to the
|
||||
rule. Arguments containing flags are unwrapped into a variable-per-flag; for example, the
|
||||
<literal>SD_SYSTEMD_SYSUPDATE_OFFLINE</literal> flag is exposed as a variable named
|
||||
<literal>offline</literal>.</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>The Job Object</title>
|
||||
|
||||
<para>A job is an ongoing operation, started by one of the methods on a Target object.</para>
|
||||
|
||||
<para>The service exposes the following interfaces on Job objects on the bus:</para>
|
||||
|
||||
<programlisting executable="systemd-sysupdated" node="/org/freedesktop/sysupdate1/job/_1" interface="org.freedesktop.sysupdate1.Job">
|
||||
node /org/freedesktop/sysupdate1/job/_1 {
|
||||
interface org.freedesktop.sysupdate1.Job {
|
||||
methods:
|
||||
Cancel();
|
||||
properties:
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly t Id = ...;
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly s Type = '...';
|
||||
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
|
||||
readonly b Offline = ...;
|
||||
readonly u Progress = ...;
|
||||
};
|
||||
interface org.freedesktop.DBus.Peer { ... };
|
||||
interface org.freedesktop.DBus.Introspectable { ... };
|
||||
interface org.freedesktop.DBus.Properties { ... };
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
|
||||
<!--Autogenerated cross-references for systemd.directives, do not edit-->
|
||||
|
||||
|
||||
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.sysupdate1.Job"/>
|
||||
|
||||
|
||||
<variablelist class="dbus-interface" generated="True" extra-ref="org.freedesktop.sysupdate1.Job"/>
|
||||
|
||||
|
||||
<variablelist class="dbus-method" generated="True" extra-ref="Cancel()"/>
|
||||
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Id"/>
|
||||
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Type"/>
|
||||
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Offline"/>
|
||||
|
||||
|
||||
<variablelist class="dbus-property" generated="True" extra-ref="Progress"/>
|
||||
|
||||
|
||||
<!--End of Autogenerated section-->
|
||||
|
||||
|
||||
<refsect2>
|
||||
<title>Methods</title>
|
||||
|
||||
<para>The <function>Cancel()</function> method may be used to cancel the job. It takes no
|
||||
parameters.</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>Properties</title>
|
||||
|
||||
<para>The <varname>Id</varname> property exposes the numeric job ID of the job object.</para>
|
||||
|
||||
<para>The <varname>Type</varname> property exposes the type of operation (one of: <literal>list</literal>,
|
||||
<literal>describe</literal>, <literal>check-new</literal>, <literal>update</literal>, or <literal>vacuum</literal>).
|
||||
</para>
|
||||
|
||||
<para>The <varname>Offline</varname> property exposes whether the job is permitted to access
|
||||
the network or not.</para>
|
||||
|
||||
<para>The <varname>Progress</varname> property exposes the current progress of the job as a value
|
||||
between 0 and 100. It is only available for <literal>update</literal> jobs; for all other jobs
|
||||
it is always 0.</para>
|
||||
</refsect2>
|
||||
|
||||
<refsect2>
|
||||
<title>Security</title>
|
||||
|
||||
<para><function>Cancel()</function> uses the polkit action that corresponds to the method
|
||||
that started this job. For instance, trying to cancel a <literal>list</literal> job will
|
||||
require polkit to permit the <interfacename>org.freedesktop.sysupdate1.check</interfacename>
|
||||
action.</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Examples</title>
|
||||
|
||||
<example>
|
||||
<title>Introspect <interfacename>org.freedesktop.sysupdate1.Manager</interfacename> on the bus</title>
|
||||
|
||||
<programlisting>$ gdbus introspect --system \
|
||||
--dest org.freedesktop.sysupdate1 \
|
||||
--object-path /org/freedesktop/sysupdate1
|
||||
</programlisting>
|
||||
</example>
|
||||
|
||||
<example>
|
||||
<title>Introspect <interfacename>org.freedesktop.sysupdate1.Target</interfacename> on the bus</title>
|
||||
|
||||
<programlisting>$ gdbus introspect --system \
|
||||
--dest org.freedesktop.sysupdate1 \
|
||||
--object-path /org/freedesktop/sysupdate1/target/host
|
||||
</programlisting>
|
||||
</example>
|
||||
|
||||
<example>
|
||||
<title>Introspect <interfacename>org.freedesktop.sysupdate1.Job</interfacename> on the bus</title>
|
||||
|
||||
<programlisting>$ gdbus introspect --system \
|
||||
--dest org.freedesktop.sysupdate1 \
|
||||
--object-path /org/freedesktop/sysupdate1/job/_1
|
||||
</programlisting>
|
||||
</example>
|
||||
</refsect1>
|
||||
|
||||
<xi:include href="org.freedesktop.locale1.xml" xpointer="versioning"/>
|
||||
<refsect1>
|
||||
<title>History</title>
|
||||
<refsect2>
|
||||
<title>The Manager Object</title>
|
||||
<para><function>ListTargets()</function>,
|
||||
<function>ListJobs()</function>,
|
||||
<function>ListAppStream()</function>, and
|
||||
<function>JobRemoved()</function> were added in version 257.</para>
|
||||
</refsect2>
|
||||
<refsect2>
|
||||
<title>The Target Object</title>
|
||||
<para><function>List()</function>,
|
||||
<function>Describe()</function>,
|
||||
<function>CheckNew()</function>,
|
||||
<function>Update()</function>,
|
||||
<function>Vacuum()</function>,
|
||||
<function>GetAppStream()</function>,
|
||||
<function>GetVersion()</function>,
|
||||
<varname>Class</varname>,
|
||||
<varname>Name</varname>, and
|
||||
<varname>Path</varname> were added in version 257.</para>
|
||||
</refsect2>
|
||||
<refsect2>
|
||||
<title>The Job Object</title>
|
||||
<para><function>Cancel()</function>,
|
||||
<varname>Id</varname>,
|
||||
<varname>Type</varname>,
|
||||
<varname>Offline</varname>, and
|
||||
<varname>Progress</varname> were added in version 257.</para>
|
||||
</refsect2>
|
||||
</refsect1>
|
||||
</refentry>
|
@ -65,6 +65,7 @@ manpages = [
|
||||
['org.freedesktop.portable1', '5', [], 'ENABLE_PORTABLED'],
|
||||
['org.freedesktop.resolve1', '5', [], 'ENABLE_RESOLVE'],
|
||||
['org.freedesktop.systemd1', '5', [], ''],
|
||||
['org.freedesktop.sysupdate1', '5', [], 'ENABLE_SYSUPDATE'],
|
||||
['org.freedesktop.timedate1', '5', [], 'ENABLE_TIMEDATED'],
|
||||
['os-release', '5', ['extension-release', 'initrd-release'], ''],
|
||||
['pam_systemd', '8', [], 'HAVE_PAM'],
|
||||
@ -1100,6 +1101,10 @@ manpages = [
|
||||
'systemd-sysupdate.service',
|
||||
'systemd-sysupdate.timer'],
|
||||
'ENABLE_SYSUPDATE'],
|
||||
['systemd-sysupdated.service',
|
||||
'8',
|
||||
['systemd-sysupdated'],
|
||||
'ENABLE_SYSUPDATE'],
|
||||
['systemd-sysusers', '8', ['systemd-sysusers.service'], ''],
|
||||
['systemd-sysv-generator', '8', [], 'HAVE_SYSV_COMPAT'],
|
||||
['systemd-time-wait-sync.service',
|
||||
|
@ -322,6 +322,7 @@
|
||||
<para><simplelist type="inline">
|
||||
<member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>sysupdate.d</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-sysupdated.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
<member><citerefentry><refentrytitle>systemd-repart</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
|
||||
</simplelist></para>
|
||||
</refsect1>
|
||||
|
54
man/systemd-sysupdated.service.xml
Normal file
54
man/systemd-sysupdated.service.xml
Normal file
@ -0,0 +1,54 @@
|
||||
<?xml version='1.0'?> <!--*-nxml-*-->
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||||
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
||||
|
||||
<refentry id="systemd-sysupdated.service" conditional='ENABLE_SYSUPDATE'>
|
||||
|
||||
<refentryinfo>
|
||||
<title>systemd-sysupdated.service</title>
|
||||
<productname>systemd</productname>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>systemd-sysupdated.service</refentrytitle>
|
||||
<manvolnum>8</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>systemd-sysupdated.service</refname>
|
||||
<refname>systemd-sysupdated</refname>
|
||||
<refpurpose>System Update Service</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsynopsisdiv>
|
||||
<para><filename>systemd-sysupdated.service</filename></para>
|
||||
<para><filename>/usr/lib/systemd/systemd-sysupdated</filename></para>
|
||||
</refsynopsisdiv>
|
||||
|
||||
<refsect1>
|
||||
<title>Description</title>
|
||||
|
||||
<para><command>systemd-sysupdated</command> is a system service that allows unprivileged
|
||||
clients to update the system. It works by scanning the system for updateable "targets" (i.e.
|
||||
portable services, sysexts, sysupdate components, etc.) and exposing them on the bus. Each
|
||||
target then has methods that translate directly into invocations of
|
||||
<citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
||||
</para>
|
||||
|
||||
<para>See
|
||||
<citerefentry><refentrytitle>org.freedesktop.sysupdate1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
and
|
||||
<citerefentry><refentrytitle>org.freedesktop.LogControl1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
for a description of the D-Bus API.</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>See Also</title>
|
||||
<para>
|
||||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||
<citerefentry><refentrytitle>systemd-sysupdate</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
@ -277,6 +277,7 @@ conf.set_quoted('SYSTEMD_LANGUAGE_FALLBACK_MAP', pkgdatadir / 'lang
|
||||
conf.set_quoted('SYSTEMD_MAKEFS_PATH', libexecdir / 'systemd-makefs')
|
||||
conf.set_quoted('SYSTEMD_PULL_PATH', libexecdir / 'systemd-pull')
|
||||
conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH', libexecdir / 'systemd-shutdown')
|
||||
conf.set_quoted('SYSTEMD_SYSUPDATE_PATH', libexecdir / 'systemd-sysupdate')
|
||||
conf.set_quoted('SYSTEMD_TEST_DATA', testdata_dir)
|
||||
conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', bindir / 'systemd-tty-ask-password-agent')
|
||||
conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH', libexecdir / 'systemd-update-helper')
|
||||
|
@ -11,5 +11,6 @@ src/machine/org.freedesktop.machine1.policy
|
||||
src/network/org.freedesktop.network1.policy
|
||||
src/portable/org.freedesktop.portable1.policy
|
||||
src/resolve/org.freedesktop.resolve1.policy
|
||||
src/sysupdate/org.freedesktop.sysupdate1.policy
|
||||
src/timedate/org.freedesktop.timedate1.policy
|
||||
src/core/dbus-unit.c
|
||||
|
@ -63,6 +63,12 @@ const BusLocator* const bus_systemd_mgr = &(BusLocator){
|
||||
.interface = "org.freedesktop.systemd1.Manager"
|
||||
};
|
||||
|
||||
const BusLocator* const bus_sysupdate_mgr = &(BusLocator){
|
||||
.destination = "org.freedesktop.sysupdate1",
|
||||
.path = "/org/freedesktop/sysupdate1",
|
||||
.interface = "org.freedesktop.sysupdate1.Manager"
|
||||
};
|
||||
|
||||
const BusLocator* const bus_timedate = &(BusLocator){
|
||||
.destination = "org.freedesktop.timedate1",
|
||||
.path = "/org/freedesktop/timedate1",
|
||||
|
@ -20,6 +20,7 @@ extern const BusLocator* const bus_oom_mgr;
|
||||
extern const BusLocator* const bus_portable_mgr;
|
||||
extern const BusLocator* const bus_resolve_mgr;
|
||||
extern const BusLocator* const bus_systemd_mgr;
|
||||
extern const BusLocator* const bus_sysupdate_mgr;
|
||||
extern const BusLocator* const bus_timedate;
|
||||
extern const BusLocator* const bus_timesync_mgr;
|
||||
|
||||
|
@ -30,4 +30,20 @@ executables += [
|
||||
threads,
|
||||
],
|
||||
},
|
||||
libexec_template + {
|
||||
'name' : 'systemd-sysupdated',
|
||||
'dbus' : true,
|
||||
'conditions' : ['ENABLE_SYSUPDATE'],
|
||||
'sources' : files('sysupdated.c'),
|
||||
'dependencies' : threads,
|
||||
},
|
||||
]
|
||||
|
||||
if conf.get('ENABLE_SYSUPDATE') == 1
|
||||
install_data('org.freedesktop.sysupdate1.conf',
|
||||
install_dir : dbuspolicydir)
|
||||
install_data('org.freedesktop.sysupdate1.service',
|
||||
install_dir : dbussystemservicedir)
|
||||
install_data('org.freedesktop.sysupdate1.policy',
|
||||
install_dir : polkitpolicydir)
|
||||
endif
|
||||
|
88
src/sysupdate/org.freedesktop.sysupdate1.conf
Normal file
88
src/sysupdate/org.freedesktop.sysupdate1.conf
Normal file
@ -0,0 +1,88 @@
|
||||
<?xml version="1.0"?> <!--*-nxml-*-->
|
||||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"https://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
|
||||
<!--
|
||||
SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
This file is part of systemd.
|
||||
|
||||
systemd is free software; you can redistribute it and/or modify it
|
||||
under the terms of the GNU Lesser General Public License as published by
|
||||
the Free Software Foundation; either version 2.1 of the License, or
|
||||
(at your option) any later version.
|
||||
-->
|
||||
|
||||
<busconfig>
|
||||
|
||||
<policy user="root">
|
||||
<allow own="org.freedesktop.sysupdate1"/>
|
||||
<allow send_destination="org.freedesktop.sysupdate1"/>
|
||||
<allow receive_sender="org.freedesktop.sysupdate1"/>
|
||||
</policy>
|
||||
|
||||
<policy context="default">
|
||||
<deny send_destination="org.freedesktop.sysupdate1"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.DBus.Introspectable"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.DBus.Peer"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.DBus.Properties"
|
||||
send_member="Get"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.DBus.Properties"
|
||||
send_member="GetAll"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Manager"
|
||||
send_member="ListTargets"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Manager"
|
||||
send_member="ListJobs"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Manager"
|
||||
send_member="ListAppStream"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="List"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="Describe"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="CheckNew"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="Update"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="Vacuum"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="GetAppstream"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Target"
|
||||
send_member="GetVersion"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.sysupdate1"
|
||||
send_interface="org.freedesktop.sysupdate1.Job"
|
||||
send_member="Cancel"/>
|
||||
|
||||
<allow receive_sender="org.freedesktop.sysupdate1"/>
|
||||
</policy>
|
||||
|
||||
</busconfig>
|
74
src/sysupdate/org.freedesktop.sysupdate1.policy
Normal file
74
src/sysupdate/org.freedesktop.sysupdate1.policy
Normal file
@ -0,0 +1,74 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> <!--*-nxml-*-->
|
||||
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
||||
"https://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
||||
|
||||
<!--
|
||||
SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
|
||||
This file is part of systemd.
|
||||
|
||||
systemd is free software; you can redistribute it and/or modify it
|
||||
under the terms of the GNU Lesser General Public License as published by
|
||||
the Free Software Foundation; either version 2.1 of the License, or
|
||||
(at your option) any later version.
|
||||
-->
|
||||
|
||||
<policyconfig>
|
||||
|
||||
<vendor>The systemd Project</vendor>
|
||||
<vendor_url>https://systemd.io</vendor_url>
|
||||
|
||||
<!--
|
||||
SECURITY: the default policy allows any user with an active session on the local console to check
|
||||
for updates and update the system to the latest version without extra authentication.
|
||||
Depending on the use case it might make sense to request authentication here, or add a polkit
|
||||
rule to only allow access to these actions for members of a given group.
|
||||
|
||||
The default policy matches prior art in distributions and system update managers. To update a
|
||||
system, for example: packagekit requires only a user with an active session, eos-updater needs
|
||||
a user at the console, and rpm-ostree (generally) needs an "administrative user" at the computer.
|
||||
Without this default, distributions hoping to use sysupdate as an update mechanism will have to
|
||||
set the policy to it anyhow.
|
||||
-->
|
||||
|
||||
<action id="org.freedesktop.sysupdate1.check">
|
||||
<description gettext-domain="systemd">Check for system updates</description>
|
||||
<message gettext-domain="systemd">Authentication is required to check for system updates</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.sysupdate1.update">
|
||||
<description gettext-domain="systemd">Install system updates</description>
|
||||
<message gettext-domain="systemd">Authentication is required to install system updates</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>yes</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.sysupdate1.update-to-version">
|
||||
<description gettext-domain="systemd">Install specific system version</description>
|
||||
<message gettext-domain="systemd">Authentication is required to update the system to a specific (possibly old) version</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.sysupdate1.vacuum">
|
||||
<description gettext-domain="systemd">Cleanup old system updates</description>
|
||||
<message gettext-domain="systemd">Authentication is required to cleanup old system updates</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
</action>
|
||||
|
||||
</policyconfig>
|
14
src/sysupdate/org.freedesktop.sysupdate1.service
Normal file
14
src/sysupdate/org.freedesktop.sysupdate1.service
Normal file
@ -0,0 +1,14 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
[D-BUS Service]
|
||||
Name=org.freedesktop.sysupdate1
|
||||
Exec=/bin/false
|
||||
User=root
|
||||
SystemdService=dbus-org.freedesktop.sysupdate1.service
|
@ -3,3 +3,5 @@
|
||||
#pragma once
|
||||
|
||||
int reboot_now(void);
|
||||
|
||||
#define SD_SYSTEMD_SYSUPDATE_OFFLINE (UINT64_C(1) << 0)
|
||||
|
@ -1543,7 +1543,7 @@ static int run(int argc, char *argv[]) {
|
||||
return r;
|
||||
|
||||
/* SIGCHLD signal must be blocked for sd_event_add_child to work */
|
||||
BLOCK_SIGNALS(SIGCHLD);
|
||||
assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGCHLD) >= 0);
|
||||
|
||||
return sysupdate_main(argc, argv);
|
||||
}
|
||||
|
1911
src/sysupdate/sysupdated.c
Normal file
1911
src/sysupdate/sysupdated.c
Normal file
File diff suppressed because it is too large
Load Diff
@ -640,6 +640,11 @@ units = [
|
||||
'file' : 'systemd-sysupdate.service.in',
|
||||
'conditions' : ['ENABLE_SYSUPDATE'],
|
||||
},
|
||||
{
|
||||
'file' : 'systemd-sysupdated.service.in',
|
||||
'conditions' : ['ENABLE_SYSUPDATE'],
|
||||
'symlinks' : ['dbus-org.freedesktop.sysupdate1.service'],
|
||||
},
|
||||
{
|
||||
'file' : 'systemd-sysupdate.timer',
|
||||
'conditions' : ['ENABLE_SYSUPDATE'],
|
||||
|
30
units/systemd-sysupdated.service.in
Normal file
30
units/systemd-sysupdated.service.in
Normal file
@ -0,0 +1,30 @@
|
||||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
#
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
[Unit]
|
||||
Description=System Update Service
|
||||
Documentation=man:systemd-sysupdated.service(8)
|
||||
Documentation=man:org.freedesktop.sysupdate1(5)
|
||||
|
||||
[Service]
|
||||
ExecStart={{LIBEXECDIR}}/systemd-sysupdated
|
||||
BusName=org.freedesktop.sysupdate1
|
||||
KillMode=mixed
|
||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE
|
||||
NoNewPrivileges=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
ProtectHostname=yes
|
||||
RestrictRealtime=yes
|
||||
RestrictNamespaces=net
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
SystemCallFilter=@system-service @mount
|
||||
SystemCallErrorNumber=EPERM
|
||||
SystemCallArchitectures=native
|
||||
LockPersonality=yes
|
||||
{{SERVICE_WATCHDOG}}
|
Loading…
Reference in New Issue
Block a user