Commit Graph

77555 Commits

Author SHA1 Message Date
Yu Watanabe
82df2e0f04 network: make 'networkctl reconfigure' work safely even when KeepConfiguration=dhcp or yes
Previously, even if KeepConfiguration=dhcp or yes is specified in the
new .network file, dynamic configurations like DHCP address and routes
were dropped when 'networkctl reconfigure INTERFACE' is invoked.

If the setting is specified, let's gracefully handle the dynamic
configurations. Then, 'networkctl reconfigure' can be also used for
an interface that has critical connections.
2024-11-11 11:53:24 +09:00
Yu Watanabe
e8da735ceb network: drop static configs later
Follow-up for dd6d53a8dc.

Unnecessary static configs will be anyway dropped later in
link_configure() -> link_drop_unmanaged_config(). Hence, even if we are
reconfiguring an interface cleanly, it is not necessary to drop static
configs here.
2024-11-11 11:53:24 +09:00
Yu Watanabe
4e76c57c7f network/dhcp-pd: do not remove unreachable route when reconfiguring non-upstream interface
Unreachable routes are not owned by any interfaces, and its ifindex is
zero. Previously, if a non-upstream interface is reconfigured, all routes
including unreachable routes configured by the upstream interface are
removed.

This makes unreachable routes are always handled by the upstream interface,
and only removed when the delegated prefixes are changed or lost.
2024-11-11 11:53:24 +09:00
Yu Watanabe
42152390da network: reorder dropping dynamic configuration
Follow-up for 451c2baf30.
2024-11-11 11:53:24 +09:00
Yu Watanabe
130d66956f test-network: reconfigure interface cleanly to drop previous DHCP lease and friends
Follow-up for 451c2baf30.

With the commits, reloading .network files does not release previously
acquired DHCP lease and friends if possible.

On graceful reconfigure triggered by the reload, the interface may
acquire a new DHCPv4 lease earlier than DHCPv6 lease. In that case,
the check will fail as it is done with the new DHCPv4 lease and old
DHCPv6 lease, which does not contain any IPv6 DNS servers or so.
So, when switching from no -> yes, we need to wait a new lease with DNS
servers or so. To achieve that, we need to clean reconfigure the interface.
2024-11-11 11:53:24 +09:00
Yu Watanabe
52f46b77d7 network: reset 'configured' flags even if we keep DHCP lease and friends on reconfigure
Follow-up for 451c2baf30.

With the commits, reloading .network files does not release previously
acquired DHCP lease and friends if possible. If previously a DHCP client
was configured as not requesting DNS servers or so, then the previously
acquired lease might not contain any DNS servers. In that case, if the
new .network file enables UseDNS=, then the interface should enter the
configured state after a new lease is acquired. To achieve that, we need
to reset the flags.

With this change, the workaround applied to the test by the commit
451c2baf30 can be dropped.
2024-11-11 11:53:24 +09:00
Yu Watanabe
525a582ae8 network: drop unnecessary size specifier
It does not save any memory usage but increase code complexity.
2024-11-11 11:53:24 +09:00
Yu Watanabe
ed3bab7a0e netwrok: call link_drop_unmanaged_config() earlier in link_configure()
Otherwise, even if a link enters the configuring state at the beginning
of link_configure(), link_check_ready() may be called before
link_drop_unmanaged_config() is called, and the link may enter the
configured state.

Fixes #35092.
2024-11-11 11:53:24 +09:00
Yu Watanabe
cf8fd7148c
Various multi-dt fixes and CHID test (#35056)
Part of #34158
2024-11-10 11:19:10 +09:00
12paper
8254755091
login: fix session_kill(..., KILL_LEADER,...) (#35105)
`loginctl kill-session --kill-whom=leader <N>` (or the D-Bus equivalent)
doesn't work because logind ends up calling `KillUnit(..., "main", ...)`
on a scope unit and these don't have a `MainPID` property. Here, I just
make it send a signal to the `Leader` directly.
2024-11-10 11:13:39 +09:00
Valentin David
053452e22b ukify: Fix broken assert when building a signed addon
An assert always expected a kernel when signature key was present in command
line. That prevented building signed addons.

Fixes #35041
2024-11-10 05:44:30 +09:00
Weblate Translation Memory
5cfe76e1d6 po: Translated using Weblate (German)
Currently translated at 93.7% (241 of 257 strings)

Co-authored-by: Weblate Translation Memory <noreply-mt-weblate-translation-memory@weblate.org>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-10 05:40:14 +09:00
Ettore Atalan
bb7e2e4b9d po: Translated using Weblate (German)
Currently translated at 93.7% (241 of 257 strings)

Co-authored-by: Ettore Atalan <atalanttore@googlemail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-10 05:40:14 +09:00
Mike Yuan
e997cfaa73 meson.build: add a few features to summary 2024-11-10 05:39:11 +09:00
Luca Boccassi
6d558e53c9
sysupdate: Bug fixes for target enumeration (#35052)
Fixes a couple of bugs with systemd-sysupdated's target enumeration. See
commit messages for details.











<!-- devel-freezer =
{"comment-id":"2460494553","freezing-tag":"v257-rc1"} -->
2024-11-08 23:21:29 +00:00
Lidong Zhong
2ae79a31b7 udev: skipping empty udev rules file while collecting the stats
To keep align with the logic used in udev_rules_parse_file(), we also
should skip the empty udev rules file while collecting the stats during
manager reload. Otherwise all udev rules files will be parsed again whenever
reloading udev manager with an empty udev rules file. It's time consuming
and the following uevents will fail with timeout.
2024-11-08 23:20:09 +00:00
Lennart Poettering
56933f2073 uid-classification: properly classify *all* container UIDs
A bit confusingly CONTAINER_UID_BASE_MAX is just the maximum *base* UID
for a container. Thus, with the usual 64K UID assignments, the last
actual container UID is CONTAINER_UID_BASE_MAX+0xFFFF.

To make this less confusing define CONTAINER_UID_MIN/MAX that add the
missing extra space.

Also adjust two uses where this was mishandled so far, due to this
confusion.

With this change the UID ranges we default to should properly match what
is documented on https://systemd.io/UIDS-GIDS/.
2024-11-08 23:18:39 +00:00
Zbigniew Jędrzejewski-Szmek
347def981b
News and f41 and formatting (#35078) 2024-11-08 17:17:37 +01:00
Zbigniew Jędrzejewski-Szmek
fe45f8dc9b man: drop whitespace from final <programlisting> lines
In the troff output, this doesn't seem to make any difference. But in the
html output, the whitespace is sometimes preserved, creating an additional
gap before the following content. Drop it everywhere to avoid this.
2024-11-08 14:14:36 +01:00
Yu Watanabe
5261c521e3 mount-util: make path_get_mount_info() work arbitrary inode
Follow-up for d49d95df0a.
Replaces 9a032ec55a.
Fixes #35075.
2024-11-08 13:25:17 +01:00
Franck Bui
514d9e1665 test: install integration-test-setup.sh in testdata/
integration-test-setup.sh is an auxiliary script that tests rely on at
runtime. As such, install the script in testdata/.

Follow-up for af153e36ae.
2024-11-08 12:37:40 +01:00
Lennart Poettering
b480a4c15e update TODO 2024-11-08 10:10:11 +01:00
Lennart Poettering
af3baf174a fs-util: add comment about XO_NOCOW 2024-11-08 09:21:25 +01:00
Ryan Wilson
d8091e1281 Fix PrivatePIDs=yes integration test for kernels with no /proc/scsi 2024-11-08 13:38:35 +09:00
anonymix007
310997d5b4 fundamental: Fix buffer size in get_chid
NUL byte should not be hashed
2024-11-08 00:53:26 +03:00
anonymix007
9f9c847609 fundamental: Fix iteration count in chid_calculate 2024-11-08 00:53:26 +03:00
anonymix007
5d8d7d8e43 fundamental: move string includes from chid-fundamental.c to header 2024-11-08 00:53:26 +03:00
anonymix007
ab7c319268 test: Add chid-fundamental test 2024-11-08 00:53:22 +03:00
Lennart Poettering
0df42ebcd6 sd-varlink: allow that method handles call sd_varlink_close()
It's fine if a method handler closes the connection, deal with it
gracefully.
2024-11-07 22:30:42 +01:00
Daan De Meyer
20c03ed72b
tree-wide: Introduce --certificate-source= option (#35057)
This allows loading the X.509 certificate from an OpenSSL provider
instead of a file system path. This allows loading certficates directly
from hardware tokens instead of having to export them to a file on
disk first.










































<!-- devel-freezer =
{"comment-id":"2460915782","freezing-tag":"v257-rc1"} -->
2024-11-07 21:51:00 +01:00
anonymix007
e266359689 fundamental: Add userspace efi_guid_equal 2024-11-07 22:52:29 +03:00
anonymix007
24677c6787 boot: Fix .dtbauto section number for error reporting 2024-11-07 22:52:29 +03:00
anonymix007
145479f4d0 boot: Fix overflow check for FDT_PROP in devicetree_get_compatible 2024-11-07 22:52:29 +03:00
anonymix007
f935dd74c6 boot: Drop const modifier for smbios_fields and fix smbios_info_done 2024-11-07 22:52:29 +03:00
Daan De Meyer
64cc7ba517 ukify: Introduce --certificate-provider= option
This translates to --certificate-source=provider:<provider> for
signing tools invoked by ukify.
2024-11-07 20:33:08 +01:00
Daan De Meyer
c4bc0fd6de measure: Add pcrpkey verb
This verb writes a public key to stdout extracted from either a public key
path, from a certificate (path or provider) or from a private key (path,
engine, provider). We'll use this in ukify to get rid of the use of the
python cryptography module to convert a private key or certificate to a
public key.
2024-11-07 20:33:08 +01:00
Daan De Meyer
a1d46e3078 tree-wide: Introduce --certificate-source= option
This allows loading the X.509 certificate from an OpenSSL provider
instead of a file system path. This allows loading certficates directly
from hardware tokens instead of having to export them to a file on
disk first.
2024-11-07 20:30:47 +01:00
Daan De Meyer
5619a61829 openssl-util: Set expected object type to private keys
Configures the store to only try to fetch private keys and nothing
else.
2024-11-07 20:24:59 +01:00
Daan De Meyer
4047b99c00 bootctl: Validate private key path 2024-11-07 20:24:59 +01:00
Daan De Meyer
5cca978dae mkosi: Add pytest to tools 2024-11-07 20:24:59 +01:00
Yu Watanabe
dd2bf3141b
Split and rename src/boot (#35068) 2024-11-08 04:13:45 +09:00
Vursc
eb03dffd97 hwdb: fix broken numpad paren keys on Lenovo Thinkbook 16 G6+ 2024 2024-11-08 04:09:55 +09:00
Zbigniew Jędrzejewski-Szmek
56f9a56a6f man: update Fedora links to F41 2024-11-07 16:55:53 +01:00
Zbigniew Jędrzejewski-Szmek
579e905ffe NEWS: add specific versions in key codes entry
This should be easier for folks to consume.

Refs:
https://lists.x.org/archives/xorg-announce/2024-October/003543.html
https://lists.x.org/archives/xorg-announce/2024-October/003544.html
2024-11-07 16:55:53 +01:00
Anselm Schueler
73f4882ef3 po: Translated using Weblate (German)
Currently translated at 89.8% (231 of 257 strings)

Co-authored-by: Anselm Schueler <mail@anselmschueler.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/de/
Translation: systemd/main
2024-11-07 15:48:31 +01:00
Zbigniew Jędrzejewski-Szmek
9a10d7eae5 github: adjust version number in templates
Most people are probably on stable releases, but we don't want to update the
minor version all the time, so just specify 256.x as a hint to fill in the
full version.
2024-11-07 15:39:30 +01:00
Zbigniew Jędrzejewski-Szmek
97318131fd Rename src/boot/efi to just src/boot
I very much dislike the approach in which we were mixing Linux and UEFI C code
in the same subdirectory. No code was shared between two environments. This
layout was created in e7dd673d1e, with the
justification of "being more consistent with the rest of systemd", but I don't
see how it's supposed to be so.

Originally, when the C code was just a single bootctl.c file, this wasn't so
bad. But over time the userspace code grew quite a bit. With the moves done in
previuos commits, the intermediate subdirectory is now empty except for the
efi/ subdir, and this additional subdirectory level doesn't have a good
justification. The components is called "systemd-boot", not "systemd-efi", and
we can remove one level of indentation.
2024-11-07 14:52:06 +01:00
Zbigniew Jędrzejewski-Szmek
5ffff673ac Move systemd-sbsign to its own source subdirectory
It's already two files, and I expect that more will come. It's nicer to give
its own subdirectory to maintain consistent structure.
2024-11-07 14:51:43 +01:00
Zbigniew Jędrzejewski-Szmek
1dabec0056 Move systemd-measure to its own source subdirectory
We have other subdirectories with just a single C file. And I expect
that systemd-measure will only grow over time, adding new functionality.
It's nicer to give its own subdirectory to maintain consistent structure.
2024-11-07 14:50:53 +01:00
Zbigniew Jędrzejewski-Szmek
daf72e8df1 Move bless-boot components to their own source subdirectory 2024-11-07 14:50:41 +01:00