Commit message  Author  Age  Files  Lines
* ci: temporarily set -Wno-deprecated-declarations in Packit  Zbigniew Jędrzejewski-Szmek  2021-12-01  1  -0/+3
| to suppress OpenSSL 3.0 deprecation warnings (until a proper solution is deployed): RSA_free, EC_KEY_free, RSA_set0_key, RSA_size, EVP_PKEY_assign, EC_KEY_set_group, and others are deprecated.
* resolved: do not use BN_dup() unnecessarily  Zbigniew Jędrzejewski-Szmek  2021-12-01  1  -2/+4
| Suggested in https://github.com/systemd/systemd/pull/21170#discussion_r738696794
* port string_hashsum from libgcrypt to openssl^gcrypt  Zbigniew Jędrzejewski-Szmek  2021-12-01  13  -37/+96
| This allows resolved and importd to be built without libgcrypt. Note that we now say either 'cryptographic library' or 'cryptolib'.
| Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* basic/openssl-util: Add sha256 hash wrapper  Kevin Kuehler  2021-12-01  2  -0/+39
|
* resolve: Port nsec3 code to openssl^gcrypt  Kevin Kuehler  2021-12-01  1  -14/+59
| Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* resolve: Port dnskey verification by ds to openssl^gcrypt  Kevin Kuehler  2021-11-30  1  -24/+73
| Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* resolve: Port dnssec verify from gcrypt to openssl^gcrypt  Kevin Kuehler  2021-11-30  4  -71/+260
| Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* resolved: split out function to hash signature  Zbigniew Jędrzejewski-Szmek  2021-11-30  1  -74/+79
| dnssec_verify_rrset() is just too long.
* resolved: split out function to generate signature  Zbigniew Jędrzejewski-Szmek  2021-11-30  1  -47/+78
| dnssec_verify_rrset() is just too long.
* resolve: Add coverage for dnssec ecdsa (rfc6605)  Kevin Kuehler  2021-11-30  1  -2/+187
|
* import: port importd from libgcrypt to openssl^gcrypt  Zbigniew Jędrzejewski-Szmek  2021-11-30  4  -19/+59
| This is heavily based on Kevin Kuehler's work, but the logic is also significantly changed: instead of a straightforward port to openssl, both versions of the code are kept, and at compile time we pick one or the other.
| The code is purposefully kept "dumb" — the idea is that the libgcrypt codepaths are only temporary and will be removed after everybody upgrades to openssl 3. Thus, a separate abstraction layer is not introduced. Instead, very simple ifdefs are used to select one or the other. If we added an abstraction layer, we'd have to remove it again afterwards, and I don't think it makes sense to do that for a temporary solution.
| Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
| # Conflicts:
| # meson.build
* meson: add config setting to select between openssl and gcrypt  Zbigniew Jędrzejewski-Szmek  2021-11-30  3  -0/+51
| This is not pretty, but it is supposed to be only a temporary measure.
* repart: port to our home-grown hmac_sha256  Kevin Kuehler  2021-11-30  1  -15/+8
| This reduces dependencies. The speed of the code here is unimportant, because we hash only a tiny amount of input data.
| Debian and Ubuntu currently build without repart, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976959
| > repart requires openssl and so far I tried to avoid linking against
| > both gnutls and openssl.
| Co-authored-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
* network: address: drop deprecated temporary address  Yu Watanabe  2021-11-30  1  -0/+14
| Fixes #19838.
* Merge pull request #21578 from bluca/json_spec  Zbigniew Jędrzejewski-Szmek  2021-11-30  1  -7/+12
|\
| | docs: clarify JSON terms in COREDUMP_PACKAGE_METADATA
| * docs: clarify ELF note usage in COREDUMP_PACKAGE_METADATA  Luca Boccassi  2021-11-30  1  -4/+4
| |
| * docs: clarify JSON terms in COREDUMP_PACKAGE_METADATA  Luca Boccassi  2021-11-30  1  -4/+9
| |
* | sysusers: avoid creating spurious "nobody" group  Rasmus Villemoes  2021-11-30  1  -2/+3
| | On distros using Debian's base-passwd, the name of the group with gid 65534 is nogroup. Currently, systemd-sysusers creates a spurious "nobody" group
| |   systemd-sysusers[243]: Creating group nobody with gid 996
| | That's both confusing and redundant, as the nobody user still has primary group 65534 aka nogroup, and the nobody group simply goes completely unused.
| | So explicitly specify the primary group of the nobody user, and add a line ensuring that that group exists.
| | This is not a problem for Debian (or Ubuntu) itself, as they add their own version of basic.conf in their systemd build logic. But it appears on for example Yocto/OpenEmbedded.
* | Merge pull request #21573 from keszybz/one-more-table-sort  Luca Boccassi  2021-11-30  3  -39/+40
|\ \
| | | One more table sort and man page updates
| * | basic/architecture: sort and reindent one more table  Zbigniew Jędrzejewski-Szmek  2021-11-30  1  -31/+32
| | | No idea why I didn't do this one in the previous round.
| * | man: fix typo  Zbigniew Jędrzejewski-Szmek  2021-11-30  1  -5/+5
| | | Follow-up for c896eb7ad65f4dbe968fdf01fa51e9ef4d2d11ed.
| * | man: add missing plural and reorder sentence  Zbigniew Jędrzejewski-Szmek  2021-11-30  1  -3/+3
| | | We shouldn't explain what a value does before listing valid values…
| | | Follow-up for 4f1ac4a38d1adf08f849af1a61c7a248932d8e13.
* | | Merge pull request #21559 from jcg190701/main  Yu Watanabe  2021-11-30  1  -2/+6
|\ \ \
| |/ /
|/| | fix ConditionDirectoryNotEmpty when it comes to a Non-directory file
| * | fix ConditionPathIsReadWrite when path does not exist.  jiangchuangang  2021-11-30  1  -1/+5
| | |
| * | fix ConditionDirectoryNotEmpty when it comes to a Non-directory file  jiangchuangang  2021-11-30  1  -1/+1
| | |
* | | tree-wide: fix typo  Yu Watanabe  2021-11-30  16  -19/+20
| |/
|/|
* | Merge pull request #21568 from yuwata/network-fix-json-format  Luca Boccassi  2021-11-30  3  -6/+27
|\ \
| | | network: fix json format
| * | test-network: add more basic tests for network json formats  Yu Watanabe  2021-11-30  1  -0/+21
| | |
| * | network: json: add missing initialization  Yu Watanabe  2021-11-30  1  -1/+1
| | | Fixes CID#1466513.
| * | json: make JSON_BUILD_PAIR_IN_ADDR_NON_NULL or friends handle NULL gracefully  Yu Watanabe  2021-11-30  1  -5/+5
| | | Fixes #21567.
* | | man: fix copy-and-paste mistake  Yu Watanabe  2021-11-30  1  -3/+0
|/ /
* | systemctl: display how long a systemd service will run (#21494)  Amir Omidi  2021-11-30  1  -2/+13
| |
* | Merge pull request #21532 from yuwata/network-json-more  Zbigniew Jędrzejewski-Szmek  2021-11-29  6  -17/+754
|\ \
| | | network: add more json entries
| * | network: json: append DNS misc settings  Yu Watanabe  2021-11-26  1  -0/+107
| | |
| * | network: json: append DNSSEC negative trust anchors  Yu Watanabe  2021-11-26  1  -0/+62
| | |
| * | network: json: append domains  Yu Watanabe  2021-11-26  1  -0/+160
| | |
| * | network: make both search_domains and route_domains allocated on DBus call  Yu Watanabe  2021-11-26  1  -7/+9
| | |
| * | network: json: append SIP server information  Yu Watanabe  2021-11-26  1  -0/+59
| | |
| * | network: json: append NTP server information  Yu Watanabe  2021-11-26  1  -0/+164
| | |
| * | network: json: append DNS server information  Yu Watanabe  2021-11-26  1  -0/+170
| | |
| * | network: introduce NETWORK_CONFIG_SOURCE_RUNTIME  Yu Watanabe  2021-11-26  2  -0/+2
| | |
| * | dhcp6: make sd_dhcp6_lease_get_dns() and friends accepts NULL  Yu Watanabe  2021-11-26  1  -7/+9
| | |
| * | dhcp: make sd_dhcp_lease_get_servers() accepts NULL  Yu Watanabe  2021-11-26  1  -2/+3
| | |
| * | network: json: add several entries for wait-online  Yu Watanabe  2021-11-26  1  -1/+9
| | |
* | | Merge pull request #21541 from bluca/analyze_security_profile  Zbigniew Jędrzejewski-Szmek  2021-11-29  10  -34/+126
|\ \ \
| | | | analyze: add --profile switch to security verb
| * | | analyze: add --profile switch to security verb  Luca Boccassi  2021-11-26  7  -2/+89
| | | | Allows to pass a portable profile when doing offline analysis of units. Especially useful for analyzing portable images, since a lot of the security-relevant settings in those cases come from the profiles, but they are not shipped in the portable images.
| * | | shell-completion: add offline/root/image to systemd-analyze  Luca Boccassi  2021-11-26  1  -2/+5
| | | |
| * | | portable: move profile search helper to path-lookup  Luca Boccassi  2021-11-26  3  -31/+33
| | | | Will be used in systemd-analyze later
* | | | sd-boot: Fix assert failure in random-seed.c  Jan Janssen  2021-11-30  1  -6/+3
| | | | Fixes: #21556
* | | | unit: add jobs that were skipped because of ratelimit back to run_queue  Michal Sekletar  2021-11-30  1  -0/+9
| | | | Assumption in edc027b was that job we first skipped because of active ratelimit is still in run_queue. Hence we trigger the queue and dispatch it in the next iteration. Actually we remove jobs from run_queue in job_run_and_invalidate() before we call unit_start(). Hence if we want to attempt to run the job again in the future we need to add it back to run_queue.
| | | | Fixes #21458