Commit Graph

609 Commits

Author SHA1 Message Date
Felipe Sateler
a381e2b5fd build-sys: explicitly require python3
Otherwise python programs might be run with python2
2016-11-28 15:00:20 -03:00
Zbigniew Jędrzejewski-Szmek
3d4cf7de48 build-sys: check for lz4 in the old and new numbering scheme (#4717)
lz4 upstream decided to switch to an incompatible numbering scheme
(1.7.3 follows 131, to match the so version).
PKG_CHECK_MODULES does not allow two version matches for the same package,
so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
"new" numbers (anything below 10 is assume to be new), once for the "old"
numbers (anything above >= 125). This assumes that the "new" versioning
will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
mature project.

Fixed #4690.
2016-11-23 16:18:30 +01:00
Michael Biebl
06b4eb93ec build-sys: use lowercase consistently in AS_HELP_STRING
We were using a mix of upper and lowercase. Since autoconf's own help
output uses lowercase, use that as well.
2016-11-11 17:05:08 +01:00
Michael Biebl
223dfa1ca9 build-sys: replace obsolete AC_HELP_STRING with AS_HELP_STRING
The AC_HELP_STRING autoconf macro is obsolete. Use AS_HELP_STRING instead.
2016-11-11 16:41:26 +01:00
Michael Biebl
784751dfc6 build-sys: fix help text of bzip2 configure check
The bzip2 support is enabled by default unless requested otherwise via
--disable-bzip2. Make the help text reflect that.

Fixes: #4636
2016-11-11 16:39:03 +01:00
Susant Sahani
a39f92d391 Link: port to new ethtool ETHTOOL_xLINKSETTINGS
Link: port to new ethtool ETHTOOL_xLINKSETTINGS
This patch defines a new ETHTOOL_GLINKSETTINGS/SLINKSETTINGS API,
handled by the new get_link_ksettings/set_link_ksettings .

This is a WIP version based on this [kernel
patch](https://patchwork.kernel.org/patch/8411401/).

commit 0527f1c

3f1ac7a700ommit
35afb33
2016-11-10 15:12:56 +05:30
Zbigniew Jędrzejewski-Szmek
a809cee582 Merge pull request #4612 from keszybz/format-strings
Format string tweaks (and a small fix on 32bit)
2016-11-08 08:09:40 -05:00
Michael Biebl
71a9067cd4 build-sys: remove leftover setcap configure check (#4597)
The check for the setcap binary was added in commit
dd5ae4c36c to set the CAP_MAC_ADMIN
capability for systemd-bus-proxyd. Later on, bus-proxyd was removed in
commit 798c486fbc.
So remove the leftover setcap configure check as well.
2016-11-08 09:09:53 +01:00
Zbigniew Jędrzejewski-Szmek
f322f0e6d2 build-sys: fix appending of CFLAGS and define __SANE_USERSPACE_TYPES__
It's pointless to call AC_SUBST more than once on the same variable. Because
of all the copypasta, we were mixing CLFAGS and LDFLAGS.

… and the assertion in previous commit was wrong. PPC64 is a special snowflake.

__SANE_USERSPACE_TYPES__ is needed on PPC64 to make __u64 be llu, instead of
lu. Considering that both lu and llu are 64 bits, there's nothing sane about
this, maybe the flag should be called __INSANE_USERSPACE_TYPES__ instead. Sane
or not, this makes ppc64 kernel headers behave consistent with other
architectures. With this flag, no warnings are emitted at -O0 level.
2016-11-07 23:52:59 -05:00
Lennart Poettering
515958c9eb build-sys: bump package and library version in preparation for v232 2016-11-02 16:04:40 -06:00
Felipe Sateler
651742d8ec build-sys: Allow disabling installation of pam config snippet 2016-10-12 14:09:14 -03:00
hbrueckner
6abfd30372 seccomp: add support for the s390 architecture (#4287)
Add seccomp support for the s390 architecture (31-bit and 64-bit)
to systemd.

This requires libseccomp >= 2.3.1.
2016-10-05 13:58:55 +02:00
Zbigniew Jędrzejewski-Szmek
2acaa3789a build-sys: drop last reference to --have-kdbus 2016-09-09 15:03:11 +01:00
Zbigniew Jędrzejewski-Szmek
aa43d4bb89 build-sys: clarify that --disable-efi is about sd-boot and bootctl
If wasn't obvious what the effect of --disable-efi was without
going through Makefile.am.

Fixes #3959.
2016-08-14 15:25:08 -04:00
Lennart Poettering
2129011e92 nss-systemd: resolve root/nobody statically
Let's extend nss-systemd to also synthesize user/group entries for the
UIDs/GIDs 0 and 65534 which have special kernel meaning. Given that nss-systemd
is listed in /etc/nsswitch.conf only very late any explicit listing in
/etc/passwd or /etc/group takes precedence.

This functionality is useful in minimal container-like setups that lack
/etc/passwd files (or only have incompletely populated ones).
2016-08-04 23:08:05 +02:00
Davide Cavalca
4e3382bdd7 build-sys: conditionally disable LTO if requested (#3823)
This adds a --disable-lto option to ./configure, but does not change the
default behavior.
2016-07-28 23:42:45 -04:00
Lennart Poettering
38b383d9fe build-sys: metadata updates for v231 (#3803) 2016-07-25 15:49:47 -04:00
Lennart Poettering
4b930ded83 catalog: make support URL to show in shipped catalog entries configurable (#3597)
Let's allow distros to change the support URL to expose in catalog entries by
default. It doesn't make sense to direct end-users to the upstream project for
common errors.

This adds a --with-support-url= switch to configure, which allows overriding
the default at build-time.

Fixes: #2516
2016-06-26 17:43:37 +02:00
Dave Reisner
222953e87f Ensure kdbus isn't used (#3501)
Delete the dbus1 generator and some critical wiring. This prevents
kdbus from being loaded or detected. As such, it will never be used,
even if the user still has a useful kdbus module loaded on their system.

Sort of fixes #3480. Not really, but it's better than the current state.
2016-06-18 17:24:23 -04:00
Zbigniew Jędrzejewski-Szmek
dce588ec9d Merge pull request #3511 from andir/networkd-vrf
networkd: add support for vrf interfaces (#3316)
2016-06-16 09:15:45 -04:00
Andreas Rammhold
20897a0d6e networkd: added support for vrf interfaces (#3316) 2016-06-16 00:25:06 +02:00
Lennart Poettering
7bce046bcf core: set $JOURNAL_STREAM to the dev_t/ino_t of the journal stream of executed services
This permits services to detect whether their stdout/stderr is connected to the
journal, and if so talk to the journal directly, thus permitting carrying of
metadata.

As requested by the gtk folks: #2473
2016-06-15 23:00:27 +02:00
Andrew Jeddeloh
f4f5e50a0a build: fix missing symbol for old kernel headers (#3530)
Fix issue where IN6_ADDR_GEN_MODE_STABLE_PRIVACY is undefined but
IFLA_INET6_ADDR_GEN_MODE is defined and thus the former does not get
fixed in missing.h. This occurs with kernel headers new enough to have
the IFLA_INET6_ADDR_GEN_MODE but old enough to not yet have
IN6_ADDR_GEN_MODE_STABLE_PRIVACY (e.g. 3.18).
2016-06-14 11:09:06 +02:00
Zbigniew Jędrzejewski-Szmek
469978a824 build-sys: bump so version 2016-05-21 18:31:29 -04:00
Franck Bui
7178cd76f2 build-sys: allow references to adm group to be omitted (#3150) 2016-05-01 00:02:17 -04:00
Lennart Poettering
3282493ad0 build-sys: improve compat with older kernel headers
In 4.2 kernel headers, some netlink defines are missing that we need. missing.h
already can add them in, but currently makes this dependent on a definition
that these kernels already have. Change the check hence to check for the newest
definition in the table, so that the whole bunch of definitions as added in on
all kernels lacking this.
2016-04-29 16:27:48 +02:00
Zbigniew Jędrzejewski-Szmek
95365a576f build-sys: add --without-kill-user-processes configure option 2016-04-21 00:21:32 -04:00
Lukas Nykryn
f0b7fc2d89 configure.ac: bump curl dependency to 7.32.0
We are using CURLOPT_XFERINFOFUNCTION which was added in 7.32.0.
2016-04-06 15:03:31 +02:00
Lennart Poettering
056f0498fe Merge pull request #2947 from keszybz/test-nss
Add a test for nss modules and some related fixes
2016-04-06 10:48:55 +02:00
Zbigniew Jędrzejewski-Szmek
2abb5b3b10 test-nss: test the resolution of various names
nss-dns is also "tested". It should be almost always available,
and provides a reference for comparison.
2016-04-05 23:19:56 -04:00
Zbigniew Jędrzejewski-Szmek
1d4b557d1b basic/missing: add copy_file_range
syscall numbers based on:
https://fedora.juszkiewicz.com.pl/syscalls.html
2016-03-17 13:02:18 -04:00
Zbigniew Jędrzejewski-Szmek
c1ab819162 Enable test-ipcrm, test-hostname in unsafe tests 2016-03-04 21:45:45 -05:00
Daniel Mack
232c84b2d2 Remove systemd-bootchart
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
2016-02-23 13:30:09 +01:00
Daniel Mack
26c34ab4ee missing.h: Explicitly check for IFLA_BRPORT_PROXYARP
RHEL explicitly disables IFLA_BRPORT_PROXYARP by renaming the enum value.

In order to support unpatched builds, we have two options:

a) redefine the enum value through missing.h and ignore the fact that it
   is really unsupported, or

b) omit that enum value on rtnl_prot_info_bridge_port_types[]

As we are not actually using this netlink type anywhere, and because it
is only hooked up for the sake of completeness, this patch opts for the
former.
2016-02-22 13:22:30 +01:00
Martin Pitt
2150e62287 Merge pull request #2621 from keszybz/wheel-group
build-sys: allow wheel group name to be specified
2016-02-18 19:20:14 +01:00
Zbigniew Jędrzejewski-Szmek
2a998ffa1e build-sys: allow references to wheel group to be omitted
https://github.com/systemd/systemd/issues/2492
2016-02-17 23:47:23 -05:00
Lennart Poettering
de08570050 build-sys: fix type detection
Before this patch existence of char16_t, char32_t, key_serial_t was checked
with AC_CHECK_DECLS() which doesn't actually work for types. Correct this to
use AC_CHECK_TYPES() instead.

Also, while we are at it, change the check for memfd_create() to use
AC_CHECK_DECLS() instead of AC_CHECK_FUNCS(). This is a better choice, since a
couple of syscalls are defined by glibc but not exported in the header files
(pivot_root() for example), and we hence should probably be more picky with
memfd_create() too, which glibc might decide to expose one day, but not
necessarily in the headers too.
2016-02-16 15:22:06 +01:00
Lennart Poettering
61ecb465b1 resolved: turn on DNSSEC by default, unless configured otherwise
Let's make sure DNSSEC gets more testing, by defaulting DNSSEC to
"allow-downgrade" mode. Since distros should probably not ship DNSSEC enabled
by default add a configure switch to disable this again.

DNSSEC in "allow-downgrade" mode should mostly work without affecting user
experience. There's one exception: some captive portal systems rewrite DNS in
order to redirect HTTP traffic to the captive portal. If these systems
implement DNS servers that are otherwise DNSSEC-capable (which in fact is
pretty unlikely, but still...), then this will result in the captive portal
being inaccessible. To fix this support in NetworkManager (or any other network
management solution that does captive portal detection) is required, which
simply turns off DNSSEC during the captive portal detection, and resets it back
to the default (i.e. on) after captive portal authentication is complete.
2016-02-16 15:22:05 +01:00
Lennart Poettering
4de282cf93 build-sys: drop libsystemd-{id128,daemon,login,journal}.so compat libs
They have long been obsolete, and upstream distros and packages have mostly
switched over, let's get rid of it for good.
2016-02-13 11:57:14 +01:00
Lennart Poettering
c8b166b3ea Merge pull request #2587 from haraldh/tpmv3
sd-boot: put hashed kernel command line in a PCR of the TPM
2016-02-11 20:38:03 +01:00
Harald Hoyer
92ed3bb49e sd-boot: put hashed kernel command line in a PCR of the TPM
The UEFI BIOS already hashes the contents of the loaded image, so the
initrd and the command line of the binary are recorded.

Because manually added LoadOptions are not taken into account, these
should be recorded also.

This patch logs and extends a TPM PCR register with the LoadOptions.

This feature can be enabled with configure --enable-tpm

The PCR register index can be specified with
configure --with-tpm-pcrindex=<NUM>
2016-02-11 17:48:09 +01:00
Lennart Poettering
95adafc428 configure: bump version number 2016-02-11 17:28:00 +01:00
Lennart Poettering
888e378da2 coredump: dump priviliges when processing system coredumps
Let's add an extra-safety net and change UID/GID to the "systemd-coredump" user when processing coredumps from system
user. For coredumps of normal users we keep the current logic of processing the coredumps from the user id the coredump
was created under.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=87354
2016-02-10 16:09:24 +01:00
Daniel Mack
ccbd697b73 configure.ac: Fix help text of --enable-* options
Fixes #2567
2016-02-10 13:51:58 +01:00
Shawn Landden
c932fb71cc utf8.[ch] et al: use char32_t and char16_t instead of int, int32_t, int16_t
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.

[
 @zonque:
  * rebased to current master
  * use AC_CHECK_DECLS to detect availibility of char{16,32}_t
  * make utf8_encoded_to_unichar() return int
]
2016-01-27 14:10:02 +01:00
Zbigniew Jędrzejewski-Szmek
ab6f56debf build-sys: allow building man pages even if disabled in ./configure
This is purely for developer convenience: building man pages is slow
so people tend to disable them when not working on documentation. But
sometimes it is useful to build the man page to look something up,
especially when working on an older machine which has outdated
documentation, or to test some change to documentation. The rules to build
man pages are now outside of the ENABLE_MANPAGES conditional, but they
are not used unless manually invoked, and only the inclusion of man
pages in build and install targets is affected by the conditional.

Also, more generated files are removed in clean, which seems to be
good thing, and Makefile.am is simplified.
2016-01-18 16:19:13 -05:00
Evgeny Vereshchagin
c0957da3f4 build-sys: refactor have_smack detection 2015-12-12 06:08:25 +00:00
Evgeny Vereshchagin
566c9f5ad5 build-sys: fix ./configure --enable-smack
Fixes:

$ ./configure ... --enable-smack
$ make src/core/load-fragment-gperf.c
$ grep -i smack src/core/load-fragment-gperf.c
{"Swap.SmackProcessLabel", config_parse_warn_compat, DISABLED_CONFIGURATION, 0},
...

should be
{"Swap.SmackProcessLabel", config_parse_exec_smack_process_label, 0, offsetof(Swap, exec_context)},
...
2015-12-12 03:53:22 +00:00
Lennart Poettering
b43d75c378 importd: drop dkr support
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
2015-12-10 16:54:41 +01:00
Tom Gundersen
553947b77c Merge pull request #2129 from poettering/dnssec3
Third DNSSEC patch series
2015-12-10 15:22:18 +01:00