Commit message [Author, Age, Files, Lines]
* generators: optionally, measure file systems at boot [Lennart Poettering, 2023-01-17, 8 files, -4/+115]
| If we use gpt-auto-generator, automatically measure root fs and /var. Otherwise, add x-systemd.measure option to request this.
* units: rework growfs units to be just a regular unit that is instantiated [Lennart Poettering, 2023-01-17, 5 files, -49/+126]
| The systemd-growfs@.service units are currently written in full for each file system to grow. Which is kinda pointless given that (besides an optional ordering dep) they contain always the same definition. Let's fix that and add a static template for this logic, that the generator simply instantiates (and adds an ordering dep for). This mimics how systemd-fsck@.service is handled. Similar to the way that for root fs there's a special instance systemd-fsck-root.service we also add a special instance systemd-growfs-root.service for the root fs, since it has slightly different deps.
| Fixes: #20788
| See: #10014
* generator: teach generator_add_symlink() to instantiate specified unit [Lennart Poettering, 2023-01-17, 2 files, -13/+45]
| if we want generators to instantiate a template service, we need to teach generator_add_symlink() the concept. Just some preparation for a later commit. While we are at it, modernize the function around path_extract_filename() + path_extract_directory()
* units: measure /etc/machine-id into PCR 15 during early boot [Lennart Poettering, 2023-01-17, 2 files, -0/+25]
| We want PCR 15 to be useful for binding per-system policy to. Let's measure the machine ID into it, to ensure that every OS we can distinguish will get a different PCR (even if the root disk encryption key is already measured into it).
* pcrphase: make tool more generic, reuse for measuring machine id/fs uuids [Lennart Poettering, 2023-01-17, 2 files, -24/+187]
| See: #24503
* gpt-auto-generator: automatically measure root/var volume keys into PCR 15 [Lennart Poettering, 2023-01-17, 2 files, -5/+39]
| let's enable PCR 15 measurements automatically if gpt-auto discovery is used and systemd-stub is also used.
* man: document the new crypttab measurement options [Lennart Poettering, 2023-01-17, 2 files, -0/+27]
|
* cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options [Lennart Poettering, 2023-01-17, 3 files, -15/+217]
| These options allow measuring the volume key used for unlocking the volume to a TPM2 PCR. This is ideally used for the volume key of the root file system and can then be used to bind other resources to the root file system volume in a secure way.
| See: #24503
* tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data [Lennart Poettering, 2023-01-17, 3 files, -6/+23]
| When measuring data into a PCR we are supposed to hash the data on the CPU and then pass the hash value over the wire to the TPM2. That's all good as long as the data we intend to measure is not sensitive. Let's be extra careful though if we want to measure sensitive data, for example the root file system volume key. Instead of just hashing that and passing it over the wire to the TPM2, let's do a HMAC signature instead. It's also a hash operation, but should protect our secret reasonably well and not leak direct information about it to wiretappers.
* tpm2-util: split out code that extends a PCR from pcrphase [Lennart Poettering, 2023-01-17, 3 files, -39/+72]
| This way we can reuse it later outside of pcrphase
* tpm2-util: split out code that derives "good" TPM2 banks into an strv from pcrphase and generalize it in tpm2-util.c [Lennart Poettering, 2023-01-17, 3 files, -22/+50]
| That way we can reuse it later from different places.
* Merge pull request #26004 from poettering/cleanuo-erase-moar [Yu Watanabe, 2023-01-17, 8 files, -177/+156]
|\
| | tree-wide: use CLEANUP_ERASE() at many places
| * memory-util: add CLEANUP_ERASE_PTR() macro and use it [Lennart Poettering, 2023-01-16, 3 files, -70/+89]
| |
| * tree-wide: use CLEANUP_ERASE() at various places [Lennart Poettering, 2023-01-16, 5 files, -107/+67]
| | Let's use this new macro wherever it makes sense, as it allows us to shorten or clean-up paths, and makes it less likely to miss a return path.
* | sd-dhcp-client: gracefully handle invalid ether type client ID [Yu Watanabe, 2023-01-16, 1 file, -20/+18]
| | Currently, sd-dhcp-server accepts spurious client IDs, then the leases exposed by networkd may be invalid. Let's make networkctl gracefully show such leases.
| | Fixes #25984.
* | busctl: simplify peeking the type [Lennart Poettering, 2023-01-16, 1 file, -20/+10]
| | let's peek the type before we enter the variant, not after, so that we can reuse it as-is, instead of having to recombine it later.
| | Follow-up for: #26049
* | sd-dhcp6: always append the default status message generated from status code [Yu Watanabe, 2023-01-16, 2 files, -13/+18]
| | Fixes #25988.
* | network: fix memleak [Yu Watanabe, 2023-01-16, 2 files, -2/+10]
| | Fixes a bug introduced by af2aea8bb64b0dc42ecbe5549216eb567681a803.
| | Fixes #25883 and #25891.
* | Merge pull request #26071 from yuwata/network-dhcp-quick-ack [Luca Boccassi, 2023-01-16, 6 files, -9/+40]
|\ \
| | | network: make TCP quick ACK mode for dynamic routes configurable
| * | NEWS: mention QuickAck= [Yu Watanabe, 2023-01-16, 1 file, -0/+5]
| | |
| * | NEWS: move one entry to the correct section [Yu Watanabe, 2023-01-16, 1 file, -7/+7]
| | |
| * | network: introduce QuickAck= for [DHCPv4] and [IPv6AcceptRA] [Yu Watanabe, 2023-01-16, 5 files, -2/+28]
| | | Closes #25906.
* | | Merge pull request #26054 from aplanas/fix_user_creds [Luca Boccassi, 2023-01-16, 1 file, -20/+16]
|\ \ \
| | | | creds-util: some fixes related with TPM2 and capabilities
| * | | creds-util: merge the TPM2 detection for initrd [Alberto Planas, 2023-01-16, 1 file, -9/+2]
| | | | This patch merges the TPM2 detection paths when we are inside and outside an initrd.
| | | | Signed-off-by: Alberto Planas <aplanas@suse.com>
| * | | creds-util: do not try TPM2 if there is not support [Alberto Planas, 2023-01-16, 1 file, -9/+6]
| | | | During the credentials encryption, if systemd is compiled with TPM2 support, it will try to use it depending on the key flags passed. The current code only checks if the system has a functional TPM2 in the case of the INITRD flag. This patch does a similar check in the case that it is outside initrd (but still automatic).
| | | | Signed-off-by: Alberto Planas <aplanas@suse.com>
| * | | creds-util: check for CAP_DAC_READ_SEARCH [Alberto Planas, 2023-01-16, 1 file, -3/+9]
| | | | In make_credential_host_secret, the credential.secret file is generated first as a temporary anonymous file that is later instantiated with linkat(2). This system call requires CAP_DAC_READ_SEARCH capability when the flag AT_EMPTY_PATH is used. This patch checks if the capability is effective, and if not uses the alternative codepath for creating named temporary files.
| | | |
| | | | Non-root users can now create per-user credentials with:
| | | |
| | | |     export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
| | | |     systemd-creds setup
| | | |
| | | | Signed-off-by: Alberto Planas <aplanas@suse.com>
* | | | Merge pull request #26051 from YHNdnzj/systemctl-list-dependencies-type [Luca Boccassi, 2023-01-16, 5 files, -10/+70]
|\ \ \ \
| |_|_|/
|/| | | systemctl: list-dependencies: support --type= and --state=
| * | | systemctl: list-dependencies: support --type= and --state= [Mike Yuan, 2023-01-16, 5 files, -9/+69]
| | | | Closes #25975
| * | | systemctl: list-dependencies: pass bool where appropriate [Mike Yuan, 2023-01-13, 1 file, -1/+1]
| | | |
* | | | update TODO [Lennart Poettering, 2023-01-16, 1 file, -0/+11]
| | | |
* | | | Merge pull request #25999 from DaanDeMeyer/mkosi [Daan De Meyer, 2023-01-16, 4 files, -29/+7]
|\ \ \ \
| | | | | ci: Update mkosi action to latest commit
| * | | | mkosi: Use meson setup [Daan De Meyer, 2023-01-15, 1 file, -1/+1]
| | | | |
| * | | | boot: Remove -O1 workaround [Daan De Meyer, 2023-01-15, 1 file, -9/+0]
| | | | | Now that we have ukify and mkosi has been updated to use it, we have a solution in place to make sure that PE sections don't overlap in a UKI so let's drop the workaround to avoid overlapping PE sections.
| * | | | ci: Update mkosi action to latest commit [Daan De Meyer, 2023-01-15, 2 files, -19/+6]
| | | | | Let's make sure we're testing with the latest changes in mkosi. This includes both the switch to systemd-repart and ukify, making sure we get extra testing coverage for those components. This also drops options from the centos config that have been removed in the newer mkosi. For some reason idmapping runs into some issues so we disable it for now.
* | | | | mount: handle bind mount of file with non-existing target [David Tardon, 2023-01-16, 2 files, -4/+21]
| | | | | When the target (Where=) of a mount does not exist, systemd tries to create it. But previously, it'd always been created as a directory. That doesn't work if one wants to bind-mount a file to a target that doesn't exist.
| | | | | Fixes: #17184
* | | | | man: clarify applicability of IPv6AcceptRA option [Łukasz Stelmach, 2023-01-16, 1 file, -1/+1]
| | | | | There is no reason to not accept RAs on bondX devices (devices that aggregate other devices). It makes sense for aggregated devices though.
* | | | | gpt-auto: harden ESP/XBOOTLDR mounts with "noexec,nosuid,nodev" [Mike Yuan, 2023-01-16, 1 file, -5/+5]
| |_|/ /
|/| | |
| | | | When these partitions are probed by gpt-auto, they will always be hardened with such options.
| | | | See also: https://github.com/systemd/systemd/issues/25776#issuecomment-1364115711
| | | | Closes #25776
* | | | man: udev_enumerate_new: fix typo [Ulrich Ölmann, 2023-01-16, 1 file, -1/+1]
| |_|/
|/| |
* | | ukify: Fix version string [Daan De Meyer, 2023-01-15, 1 file, -1/+1]
| | | Let's make sure we mimic the version of our other CLI tooling.
* | | docs/man: remove reference to default vsock CID [Luca Boccassi, 2023-01-15, 2 files, -7/+3]
|/ /
| | This was dropped on reviewers' request in the revision that got merged, but reference in two documents was not updated. Fix it.
| | Follow-up for: https://github.com/systemd/systemd/pull/25918
* | man: libudev: fix typo [Ulrich Ölmann, 2023-01-15, 1 file, -1/+1]
| |
* | busctl: fix introspecting DBus properties [Yu Watanabe, 2023-01-15, 1 file, -2/+19]
| | Follow-up for f2f7785d7a47ffa48ac929648794e1288509ddd8.
| | Fixes #26033.
* | test: support a non-default SysV directory [Frantisek Sumsal, 2023-01-14, 1 file, -11/+14]
| | Since the directory is configurable via -Dsysvinit-path= during build, it makes the test fail on Fedora/RHEL/CentOS, where it's set to /etc/rc.d/init.d, instead of the default /etc/init.d. Since we can't get the value at runtime (in a reasonable manner), let's just support the two most common paths for now.
| | Follow up to 7fcf0fab078ed92a4f6c3c3658c0a9dfd67c9601.
* | open-file: Fix user-after-free [Daan De Meyer, 2023-01-13, 1 file, -1/+1]
|/
* Merge pull request #26047 from yuwata/udev-node-cleanups [Yu Watanabe, 2023-01-13, 1 file, -64/+54]
|\
| | udev: several cleanups
| * udev: simplify a bit stack_directory_find_prioritized_devnode() [Franck Bui, 2023-01-13, 1 file, -20/+15]
| | And make the new format the one we expect as it should replace the old one pretty quickly.
| * udev: return ENODEV if link_directory_read_one() can't find the devnode [Franck Bui, 2023-01-13, 1 file, -1/+1]
| | That's usually the errno code we return when a device cannot be found because it's been unplugged.
| * udev: let stack_directory_open() convert a slink into a dirname itself [Franck Bui, 2023-01-13, 1 file, -16/+18]
| | We likely always want to open the directory via a slink. There's currently only one caller so it doesn't make any difference in practice but I think it's still nicer. No functional change.
| * udev: merge link_directory_lock() into link_directory_open() [Franck Bui, 2023-01-13, 1 file, -39/+32]
|/
| These 2 operations are inseparable.
* bootspec: show efi entry too [Ludwig Nussel, 2023-01-13, 1 file, -0/+2]
|