Commit Graph

53566 Commits

Author SHA1 Message Date
Luca Boccassi
1fc8d0c9dd basic: remove khash helpers
No longer used anywhere. So long, and thanks for all the hashes!
2021-10-08 13:11:00 +01:00
Luca Boccassi
ec4afb4606 libsystemd/sd-id128: use only internal hmac, remove khash/OpenSSL support
Using OpenSSL brings in an additional dependency for all users of
libsystemd.so even though it's just one API that makes use of it.

The khash implementation is awkward as it requires context switches and
computation inside the kernel, thus leaving the process.

Remove both from libsystemd.so, and use exclusively the internal hmac fallback.
While this is not optimized, the sd-id128 API is not used in
performance-critical contexts where hardware acceleration would make a
noticeable difference.
2021-10-08 13:11:00 +01:00
Luca Boccassi
8d39bff4e3 basic: add hmac_sha256 implementation
Based on the FIPS 198 specification. Not optimized and probably
completely unsafe, to be used only for non-strong-cryptographic
purposes when OpenSSL cannot be used.
2021-10-08 13:11:00 +01:00
Luca Boccassi
6eb736727a boot/sha256: sd-ify and move to src/fundamental 2021-10-08 13:11:00 +01:00
Luca Boccassi
5d8a725b08 fundamental: define size_t and memcpy for sd-boot 2021-10-08 13:07:00 +01:00
Daan De Meyer
d888ef68d1 coredump: Add --all option
This option has coredumpctl look at all journals instead of only the
local ones. This allows coredumpctl to show information about remote
coredumps if the coredumps are made available in /var/lib/systemd/coredump
and the corresponding journals are made available in /var/log/journal.

This is already possible using the --directory option but --all makes it
more user friendly since users don't have to enter the journal directory
anymore as long as it's available under /var/log/journal.
2021-10-07 22:13:12 +02:00
Lennart Poettering
7cfe9ec983
Merge pull request #20910 from poettering/nftw-no-more
basic: add recurse_dir() function as modern replacement for nftw()
2021-10-07 22:12:41 +02:00
Luca Boccassi
2eacd9a7b6 network: assert on dereferenced pointer
CID#1462762
2021-10-07 22:12:19 +02:00
Yu Watanabe
6830c3a553
Merge pull request #20778 from yuwata/network-ipv6-token
network: rework IPv6 address generation mode
2021-10-07 23:24:00 +09:00
Lennart Poettering
17175882d7 homed: typo fix 2021-10-07 15:43:27 +02:00
Lennart Poettering
da3ab57cbc update TODO 2021-10-07 15:43:24 +02:00
Lennart Poettering
4c737f4ef1
Merge pull request #20948 from poettering/cgls-xattr
cgls: show cgroup id and xattr info in output
2021-10-07 15:25:03 +02:00
Lennart Poettering
f04d0575c9 update TODO 2021-10-07 11:59:23 +02:00
Lennart Poettering
aea0fe53ae mount-setup: port from nftw() to recurse_dir() 2021-10-07 11:59:23 +02:00
Lennart Poettering
fef4fe1a84 kbd-util: port from nftw() to recurse_dir() 2021-10-07 11:59:23 +02:00
Lennart Poettering
8e5aba7aca cgroup-util: port from nftw() to recurse_dir() 2021-10-07 11:59:23 +02:00
Lennart Poettering
79a72b1bf8 kmod-setup: port from nftw() to recurse_dir() 2021-10-07 11:58:26 +02:00
Lennart Poettering
ced9fde1be tests: add test for recurse_dir() 2021-10-07 11:58:26 +02:00
Lennart Poettering
b5a07e524e basic: add new recurse_dir() tool as replacement for nftw()
libc nftw() shows its age a bit, let's replace it with a more modern
infra that is built around openat(), O_PATH, statx(). This makes the
interface less prone to races and cleans up the API a bit adding
substantially more functionality.
2021-10-07 11:58:26 +02:00
Lennart Poettering
edcd27dcaf tree-wide: remove a few unnecessary inclusions of ftw.h 2021-10-07 11:58:26 +02:00
Lennart Poettering
823d72c7f7 fileio: add shortcut for xopendirat() when called in opendir() compatible mode 2021-10-07 11:58:26 +02:00
Lennart Poettering
21d46382e0 dirent-util: split out new function stat_mode_to_dirent_type()
This contains the mapping between mode_t inode type flags and dirent's
d_type. Splitting this out allows us to use the mapping elsewhere later.
2021-10-07 11:58:26 +02:00
Lennart Poettering
d83a8ed002 bash-completion: add the two new switches to systemd-cgls
(completion hookup for zsh doesn't appear to exist, hence not adding
there.)
2021-10-07 11:51:10 +02:00
Lennart Poettering
bd3bfc8856 man: document the two new switches for systemd-cgls 2021-10-07 11:50:52 +02:00
Lennart Poettering
87843de48b cgls: enable cgroupid/xattr output by default (but make it configurable) 2021-10-07 11:50:47 +02:00
Lennart Poettering
5a5a5d2914 cgroups-show: optionally show cgroup xattrs + cgroup id in cgroup tree output 2021-10-07 11:50:42 +02:00
Lennart Poettering
aa13d38417 cgroups-show: use path_join() when concatenating cgroup paths 2021-10-07 11:50:02 +02:00
Lennart Poettering
40d4320dea cgroups-show: validate specified hostname before including it in fs path
let's make sure the specified hostname is really valid before we build
an fs path from it. Just as a safety feature, so that people can't trick
us with hostnames including "/../" or so.
2021-10-07 11:49:57 +02:00
Lennart Poettering
a5edf95ec2 cgroup-util: add reusable union type for cgroupfs file_handle structs
That way we can easily call name_to_handle_at() on cgroupfs2 elsewhere.
2021-10-07 11:49:44 +02:00
Lennart Poettering
c53e07e249 xattr-util: merge various getxattr()/listxattr() helpers into getxattr_at_malloc() + listxattr_at_malloc()
Unfortunately fgetxattr() and flistxattr() don't work via O_PATH fds.
Let's thus add fallbacks to go via /proc/self/fd/ in these cases.

Also, let's merge all the various flavours we have here into singular
implementations that can do everything we need:

1. malloc() loop handling
2. by fd, by path, or combination (i.e. a proper openat() like API)
3. work on O_PATH
2021-10-07 11:49:22 +02:00
Luca Boccassi
c9d1c37c93 test: make OpenSSL checks optional in TEST-50-DISSECT
If the packages are built without libssl simply skip the signature
checks.

Oct 06 21:21:32 H systemd[1]: systemd 249.1249.gcc4df1f787.0 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS -OPENSSL
...
Oct 06 21:22:21 H systemd[459]: Activation of signed Verity volume worked neither via the kernel nor in userspace, can't activate.

Follow-up for #20691
2021-10-07 08:41:33 +02:00
Luca Boccassi
0cf250022c
Merge pull request #20926 from yuwata/udev-net-wol-sopass
udev/net: introduce WakeOnLanPassword=
2021-10-06 23:36:05 +01:00
Frantisek Sumsal
f415cdb372 test: test udev with a _very_ long device name
Let's attempt to provide some coverage for #16161, #6867, and similar.
2021-10-07 03:17:44 +09:00
Daan De Meyer
414bd2e786 coredump: Don't log an error if D-Bus isn't running
coredumpctl could be used in a chroot where D-Bus isn't running. If
that's the case, we shouldn't consider it an error if we can't connect
to the D-Bus daemon so let's reduce the severity of the error we log
when we can't connect to D-Bus because the socket doesn't exist.
2021-10-07 02:23:11 +09:00
Yu Watanabe
d489317f59
Merge pull request #20935 from unusual-thoughts/fix-empty-argv
Fix #20933
2021-10-07 01:53:51 +09:00
Yu Watanabe
d3867133f0 udev/net: introduce WakeOnLanPassword=
Closes #20913.
2021-10-07 01:50:37 +09:00
Yu Watanabe
fe2a8b3d3f test-network: add tests for Token= in [IPv6Prefix] 2021-10-07 01:24:50 +09:00
Yu Watanabe
b48b6bd3b9 test-network: replace deprecated settings 2021-10-07 01:24:50 +09:00
Yu Watanabe
34a3a0c480 network: make generate_eui64_address() static 2021-10-07 01:24:50 +09:00
Yu Watanabe
e609cd0694 network: introduce Token= setting in [IPv6Prefix]
Closes #20149.
2021-10-07 01:24:50 +09:00
Yu Watanabe
f5960e0ab5 network: extend Token= setting in [DHCPv6PrefixDelegation]
Now the setting supports the same syntax as the one in the [IPv6AcceptRA]
section.
2021-10-07 01:24:12 +09:00
Yu Watanabe
140bf8dacc network: introduce Token=eui64
So, now the user can explicitly request the EUI-64 algorithm to generate addresses.
2021-10-07 01:16:36 +09:00
Yu Watanabe
a73628e647 network: rename IPv6Token= in [Network] -> Token= in [IPv6AcceptRA]
The token is only used by received prefixes through RA.
2021-10-07 01:16:36 +09:00
Yu Watanabe
868bd1aa1c network: address-generation: introduce generate_addresses()
Preparation for later commits. This does not change functionality.
2021-10-07 01:16:29 +09:00
Yu Watanabe
d207581fc5 network: address-generation: use in6_addr_hash_ops_free
Also, downgrade error level, and caller logs the error.
2021-10-07 01:14:51 +09:00
Yu Watanabe
3bac5fe6c9 network: address-generation: modernize config_parse_address_generation_type()
- drop unused _NONE type,
- rename IPv6Token::prefix -> IPv6Token::address,
- clear unused part of IPv6Token::address,
- use Set, instead of OrderedSet.
2021-10-07 01:14:51 +09:00
Yu Watanabe
ffb834cb87 network: address-generation: mask prefix with prefixlen for safety 2021-10-07 01:14:51 +09:00
Yu Watanabe
98692ff3b8 network: address-generation: always start DAD counter from zero
The token is stored in Network, and the .network file may be applied to
multiple links.
2021-10-07 01:14:51 +09:00
Yu Watanabe
ac77e0b315 network: address-generation: always use the first 64 bits of the prefix
Hopefully, the prefix length is usually 64.

Previously, if the prefix length was smaller than 64, the resulting address
was undefined.
2021-10-07 01:14:51 +09:00
Yu Watanabe
151b8ea304 network: ndisc: ignore autonomous prefix with prefix length larger than 64 2021-10-07 01:14:47 +09:00