Commit Graph

53345 Commits

Author SHA1 Message Date
Lennart Poettering
41a978fdb1
Merge pull request #20676 from gogsbread/sysctl-minimize-sideeffect
sysctl: minimize side effects when running `systemd-sysctl`
2021-09-29 09:17:48 +02:00
Antony Deepak Thomas
ab14aa23ae sysctl-util: minimize side-effects when running systemd-sysctl
Currently the `systemd-sysctl` binary is used in `systemd-sysctl.service`,
which is mostly configured as `oneshot`. There are situations where one
would like to use systemd to maintain Sysctl configurations on a host,
using a configuration manager such as Chef or Puppet, by applying
configurations every X duration.
The problem with using `systemd-sysctl` is that it writes all the Sysctl
settings, even if the values for those settings have not changed. From
experience, we have observed that some Sysctl settings cause actions in
the kernel upon writing (like dropping caches) which in turn cause
undesired side effects.
This patch tries to minimize such side effects by comparing values
before writing.
2021-09-29 13:07:47 +09:00
Antony Deepak Thomas
e565cfd2eb fileio: introduce new mode to suppress writing the same value 2021-09-29 13:06:25 +09:00
Antony Deepak Thomas
8034b42ca6 string-util: introduce streq_skip_trailing_chars() 2021-09-29 12:57:30 +09:00
Antony Deepak Thomas
46a0f5cac8 fileio: introduce read_virtual_file_fd() 2021-09-29 12:47:49 +09:00
Yu Watanabe
83455d0c8b
Merge pull request #20865 from keszybz/meson-net-naming-definitions
Allow defining new naming scheme entries at configuration time
2021-09-29 12:29:14 +09:00
Frantisek Sumsal
ecea250d77 core: fix the return type for xxx_running_timeout() functions
otherwise we might return an invalid value, since `usec_t` is 64-bit,
whereas `int` might not be.

Follow-up to: 5918a93
Fixes: #20872
2021-09-29 12:28:21 +09:00
Yu Watanabe
17373589f3
Merge pull request #20860 from yuwata/libsystemd-network-get-ifname-negative-errno
libsystemd-network: make sd_dhcp_client_get_ifname() or friends return negative errno
2021-09-29 12:27:01 +09:00
Lennart Poettering
5b81fa7ae1
Merge pull request #20870 from jwrdegoede/hwdb-2-accel-quirks
Hwdb 2 accel quirks
2021-09-28 23:13:54 +02:00
Lennart Poettering
ca3f47eff3
Merge pull request #20691 from poettering/gpt-sig
dissect: add support for GPT images with embedded dm-verity signatures
2021-09-28 20:52:01 +02:00
Yu Watanabe
5977b71f28 libsystemd-network: make sd_dhcp_client_get_ifname() or friends return negative errno on error 2021-09-29 03:37:09 +09:00
Yu Watanabe
01afd0f7f5 tree-wide: make format_ifname() or friends return negative errno on failure
Also,
- drop unnecessary +1 from buffer size, as IF_NAMESIZE or IFNAMSIZ
  includes the nul at the end.
- format_ifname() does not update the buffer on failure,
- introduces format_ifname_alloc(), FORMAT_IFNAME(), and their friends.
2021-09-29 03:37:06 +09:00
Hans de Goede
ddd19fce8a hwdb: Add accel orientation quirk for the Cyberbook T116 tablet
Add a quirk for the accelerometer orientation for the
Cyberbook T116 rugged tablet.
2021-09-28 19:50:27 +02:00
Hans de Goede
2bdc8dc341 hwdb: Add accel orientation quirk for the Chuwi Hi10 Plus (CWI527)
Add a quirk for the accelerometer orientation for the
Chuwi Hi10 Plus (CWI527) tablet.
2021-09-28 19:50:27 +02:00
Lennart Poettering
636c8a1f55 update TODO 2021-09-28 17:06:51 +02:00
Lennart Poettering
2c424ee0aa tests: extend TEST-50-DISSECT to look for verity signatures 2021-09-28 17:06:45 +02:00
Lennart Poettering
54dcf847b1 docs: document the three new env vars for tweaking GPT dissection/validation 2021-09-28 17:03:44 +02:00
Lennart Poettering
77617993ee docs: document the new Verity signature partition type, and its UUIDs 2021-09-28 17:03:39 +02:00
Lennart Poettering
c2fa92e7e8 dissect-image: optionally, validate dm-verity signatures in userspace
Getting certificates for dm-verity roothash signing into the trusted
kernel keychain is a royal PITA (means recompiling or rebooting with
shim), hence let's add a minimal userspace PKCS7 validation as well.

The mechanism is really simple and compatible with the verification the
kernel does. The only difference is that the certificates are searched
in /etc/verity.d/*.crt (and similar dirs in /usr/lib/, …).

We'll first try validation by passing the PKCS#7 data to the kernel, but
if that doesn't work we'll see if one of the certificates found that way
works and then attempt to attach the image without passing the PKCS#7
data to the kernel.

This makes it very easy to have fully validated GPT disk images. For
example, just copy the 'mkosi.secure-boot.crt' file you have in your
mkosi build dir to /etc/verity.d/ and things should just work.
2021-09-28 17:03:31 +02:00
Lennart Poettering
d5fcc5b053 dissect-image: add env var for disabling "sidecar" loading of verity params
Just to make debugging easier.
2021-09-28 17:03:26 +02:00
Lennart Poettering
88b3300fdc dissect-image: load embedded verity signature info from image
This adds support for actually using embedded signature data from
partitions.
2021-09-28 17:02:54 +02:00
Lennart Poettering
8ee9615e10 dissect-image: discover verity signature partitions
This doesn't make use of the discovered partitions yet, but it finds
them at least.
2021-09-28 17:02:27 +02:00
Lennart Poettering
1420cfb4b4 gpt: add partition type for PKCS#7 signatures for root hashes 2021-09-28 17:01:29 +02:00
Lennart Poettering
1641c2b112 cryptsetup: handle more gracefully if "keyslots" LUKS2 JSON header field is invalid
The field is not owned by us (even though is in our JSON objects) but by
the LUKS2 spec. Hence let's handle this a bit more gracefully: let's not
get confused by it, just warn and skip over it.

Fixes: #20847
2021-09-28 16:47:08 +02:00
Albert Brox
5918a93355 core: implement RuntimeMaxDeltaSec directive 2021-09-28 16:46:20 +02:00
Daan De Meyer
64782655e1 mkosi: Remove build script umask workaround
A fix for this landed in meson 3 years ago so the workaround in the
build script can now be removed (https://github.com/mesonbuild/meson/pull/3225).
2021-09-28 23:09:11 +09:00
alexlzhu
8c35c10d20 core: Add ExecSearchPath parameter to specify the directory relative to which binaries executed by Exec*= should be found
Currently there does not exist a way to specify a path relative to which
all binaries executed by Exec should be found. The only way is to
specify the absolute path.

This change implements the functionality to specify a path relative to which
binaries executed by Exec*= can be found.

Closes #6308
2021-09-28 14:52:27 +01:00
Zbigniew Jędrzejewski-Szmek
681cb84a63 meson: allow extra net naming schemes to be defined during configuration
In upstream, we have a linearly-growing list of net-naming-scheme defines;
we add a new one for every release where we make user-visible changes to the
naming scheme.

But the general idea was that downstream distributions could define their
own combinations (or even just their own names for existing combinations),
so provide stability for their users. So far this required patching of the
netif-naming-scheme.c and .h files to add the new lines.

With this patch, patching is not required:

$ meson configure build \
  -Dextra-net-naming-schemes=gargoyle=v238+npar_ari+allow_rerenames,gargoyle2=gargoyle+nspawn_long_hash \
  -Ddefault-net-naming-scheme=gargoyle2

or even

$ meson configure build \
  -Dextra-net-naming-schemes=gargoyle=v238+npar_ari+allow_rerenames,gargoyle2=gargoyle+nspawn_long_hash,latest=v249 \
  -Ddefault-net-naming-scheme=gargoyle2

The syntax is a comma-separated list of NAME=name+name+…
This syntax is a bit scary, but any typos result in compilation errors,
so I think it should be OK in practice.

With this approach, we don't allow users to define arbitrary combinations:
what is allowed is still defined at compilation time, so it's up to the
distribution maintainers to provide reasonable combinations. In this regard,
the only difference from status quo is that it's much easier to do (and harder
to do incorrectly, for example by forgetting to add a name to one of the
maps).
2021-09-28 14:22:40 +02:00
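An added example of how the `NAME=name+name+…` list described above composes: each component is either a flag or a scheme already defined (built in, or earlier in the same list), and any unknown component fails the whole string, which is the effect the commit message describes for typos. This is not systemd's meson or netif-naming-scheme code; the flag names, the bit values assigned to them and the flag sets of the built-in `v238` and `v249` entries are assumptions made for this example.

```c
/* Added example, not systemd's build system: parser for the
 * -Dextra-net-naming-schemes=NAME=name+name+…[,NAME2=…] syntax. Flag names,
 * bit values and the built-in schemes' flag sets are assumed for the example. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

enum {
        NAMING_NPAR_ARI         = 1u << 0,   /* assumed bit assignments */
        NAMING_ALLOW_RERENAMES  = 1u << 1,
        NAMING_NSPAWN_LONG_HASH = 1u << 2,
};

#define NAME_MAX_LEN 32
#define MAX_SCHEMES 16

typedef struct { char name[NAME_MAX_LEN]; uint32_t flags; } Scheme;
typedef struct { Scheme s[MAX_SCHEMES]; size_t n; } SchemeTable;

static const Scheme flag_table[] = {
        { "npar_ari",         NAMING_NPAR_ARI },
        { "allow_rerenames",  NAMING_ALLOW_RERENAMES },
        { "nspawn_long_hash", NAMING_NSPAWN_LONG_HASH },
};

/* Built-in "release" schemes; their flag sets are assumed for the example. */
void scheme_table_init(SchemeTable *t) {
        t->n = 0;
        t->s[t->n++] = (Scheme) { "v238", 0 };
        t->s[t->n++] = (Scheme) { "v249", NAMING_NPAR_ARI | NAMING_ALLOW_RERENAMES | NAMING_NSPAWN_LONG_HASH };
}

const Scheme *scheme_lookup(const SchemeTable *t, const char *name) {
        for (size_t i = 0; i < t->n; i++)
                if (strcmp(t->s[i].name, name) == 0)
                        return &t->s[i];
        return NULL;
}

/* Copy [tok, tok+len) into a NUL-terminated buffer; false if empty or too long. */
static bool copy_token(char out[NAME_MAX_LEN], const char *tok, size_t len) {
        if (len == 0 || len >= NAME_MAX_LEN)
                return false;
        memcpy(out, tok, len);
        out[len] = '\0';
        return true;
}

/* Resolve one "+"-separated component: a flag name or an already defined scheme. */
static bool resolve_component(const SchemeTable *t, const char *tok, size_t len, uint32_t *out) {
        char name[NAME_MAX_LEN];
        if (!copy_token(name, tok, len))
                return false;
        for (size_t i = 0; i < sizeof flag_table / sizeof flag_table[0]; i++)
                if (strcmp(flag_table[i].name, name) == 0) {
                        *out = flag_table[i].flags;
                        return true;
                }
        const Scheme *s = scheme_lookup(t, name);
        if (!s)
                return false;
        *out = s->flags;
        return true;
}

/* Parse spec and append the defined schemes to t. Returns the number of schemes
 * added, or -1 on a malformed entry, a duplicate name or an unknown component. */
int parse_extra_schemes(SchemeTable *t, const char *spec) {
        int added = 0;
        for (const char *p = spec; *p; ) {
                const char *end = strchr(p, ',');
                if (!end)
                        end = p + strlen(p);
                const char *eq = memchr(p, '=', (size_t) (end - p));
                Scheme s;
                if (!eq || !copy_token(s.name, p, (size_t) (eq - p)) ||
                    scheme_lookup(t, s.name) || t->n >= MAX_SCHEMES)
                        return -1;
                s.flags = 0;
                for (const char *q = eq + 1; ; ) {
                        const char *plus = memchr(q, '+', (size_t) (end - q));
                        const char *tend = plus ? plus : end;
                        uint32_t f;
                        if (!resolve_component(t, q, (size_t) (tend - q), &f))
                                return -1;   /* typo, empty component or trailing '+' */
                        s.flags |= f;
                        if (!plus)
                                break;
                        q = plus + 1;
                }
                t->s[t->n++] = s;
                added++;
                p = *end ? end + 1 : end;
        }
        return added;
}

/* Self-check wrappers: parse spec on a fresh table. */
int demo_parse_count(const char *spec) {
        SchemeTable t;
        scheme_table_init(&t);
        return parse_extra_schemes(&t, spec);
}

/* Flags of `name` after parsing spec; UINT32_MAX if parsing fails or name is undefined. */
uint32_t demo_flags(const char *spec, const char *name) {
        SchemeTable t;
        scheme_table_init(&t);
        if (parse_extra_schemes(&t, spec) < 0)
                return UINT32_MAX;
        const Scheme *s = scheme_lookup(&t, name);
        return s ? s->flags : UINT32_MAX;
}
```

Because later entries may only reference earlier ones, order in the list matters: `gargoyle2=gargoyle+nspawn_long_hash` works after `gargoyle=…` has been defined and fails before it, and redefining a built-in name is rejected rather than silently overriding it.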
Zbigniew Jędrzejewski-Szmek
77faadfdd3 meson: drop the list of valid net naming schemes
We used 'combo' type for the scheme list. For a while we forgot to add
new names, and recently aa0a23ec86 added v241, v243, v245, and v247.
I want to allow defining new values during configuration, which means
that we can't use meson to verify the list of options. So any value is
allowed, but then two tests are added: one that will fail compilation if some
invalid name is given (other than "latest"), and one that converts
DEFAULT_NET_NAMING_SCHEME to a NamingScheme pointer.
2021-09-28 14:22:37 +02:00
Zbigniew Jędrzejewski-Szmek
5b32e48f6e
Merge pull request #20837 from bluca/coveralls
CI: add code coverage reports via lcov and coveralls.io
2021-09-28 13:45:59 +02:00
Yu Watanabe
545c30c9ba
Merge pull request #20861 from yuwata/sd-lldp-rx-cleanups
sd-lldp-rx: several trivial cleanups
2021-09-28 20:22:21 +09:00
Zbigniew Jędrzejewski-Szmek
acaa636866 netif-naming: inline one iterator variable 2021-09-28 12:26:09 +02:00
Yu Watanabe
35777f5178 sd-lldp-rx: make lldp_rx_free() and lldp_neighbor_free() accept NULL 2021-09-28 17:55:19 +09:00
Yu Watanabe
92466b8da2 sd-lldp-rx: sd_event should be attached when lldp_rx_start_timer() is called 2021-09-28 17:55:19 +09:00
Yu Watanabe
3e4a202519 sd-lldp-rx: do not enable timer event source in sd_lldp_rx_get_neighbors()
It must be just a simple getter.
2021-09-28 17:55:19 +09:00
Yu Watanabe
0cd7e072b4 sd-lldp-rx: use _cleanup_ attribute at one more place 2021-09-28 17:55:19 +09:00
Yu Watanabe
71c4f7e895 sd-lldp-rx: wrap long line 2021-09-28 17:55:19 +09:00
Yu Watanabe
90496cc68c sd-lldp-rx: add missing assertions 2021-09-28 17:55:19 +09:00
Yu Watanabe
b0a67b202d sd-lldp-rx: delay allocating hashmap and prioq to store neighbors 2021-09-28 17:55:16 +09:00
Yu Watanabe
5bff20ea62 prioq: introduce prioq_ensure_put() 2021-09-28 15:15:12 +09:00
Yu Watanabe
aa3f8d4ca1 sd-lldp-rx: ensure no event will be triggered after sd_lldp_rx_detach_event() is called 2021-09-28 15:07:37 +09:00
Yu Watanabe
e9ea43136c sd-lldp-rx: add comments about the three multicast addresses 2021-09-28 15:07:13 +09:00
Yu Watanabe
b5dce07a5e sd-lldp-rx: introduce sd_lldp_rx_is_running() 2021-09-28 14:51:24 +09:00
Yu Watanabe
4be699a8db sd-lldp-rx: ignore all errors in processing datagram 2021-09-28 14:44:12 +09:00
Yu Watanabe
07db7f6bb8
Merge pull request #20846 from yuwata/sd-lldp-tx
network: move LLDP transmission feature to libsystemd-network
2021-09-28 11:29:34 +09:00
Yu Watanabe
bed159888e
Merge pull request #20855 from dannf/update-net-name-schemes
Update net name schemes
2021-09-28 11:28:07 +09:00
Lennart Poettering
a50dadf2fd resolved: suppress writing DNS server info into /etc/resolv.conf for non-standard UDP ports
glibc doesn't support this, hence don't generate it.

Fixes: #20836
2021-09-28 11:27:36 +09:00
Luca Boccassi
3542da2442 parse-util: prefix load average macros with LOAD_AVG_
Follow-up for #20839
2021-09-27 20:34:41 +02:00
dann frazier
c3138b46bc Remind developers to update the list of net naming schemes that can be selected as build-time defaults. 2021-09-27 11:12:32 -06:00
dann frazier
aa0a23ec86 Add remaining supported schemes as options for default-net-naming-scheme 2021-09-27 11:12:22 -06:00