path: root/docs
Commit message [Author, Age, Files, Lines]
* Drop mkosi + clang section from HACKING [Daan De Meyer, 2023-02-16, 1 file, -77/+0]
|   We removed a few features that made this work, will be added back in the future when we restructure the way mkosi does build images.
* Update HACKING for latest mkosi [Daan De Meyer, 2023-02-16, 1 file, -13/+4]
|
* Merge pull request #26213 from poettering/journal-rework-seqnum [Luca Boccassi, 2023-02-15, 1 file, -2/+2]
|\
| |   journal sequence number rework
| * man: document __SEQNUM=/__SEQNUM_ID= journal pseudo fields [Lennart Poettering, 2023-02-08, 1 file, -2/+2]
| |
* | treewide: fix a few typos in NEWS, docs and comments [Dmitry V. Levin, 2023-02-15, 3 files, -3/+3]
| |
* | tree-wide: fix typo and comment style update [Yu Watanabe, 2023-02-15, 1 file, -1/+1]
| |
* | docs/NETWORK_ONLINE: fix example [Geert Lorang, 2023-02-08, 1 file, -0/+2]
|/
|   Type=oneshot is necessary for systemd to actually wait for the service to return. With RemainAfterExit=yes it won't be started again.
|
|   Fixes #26342.
* docs/CODING_STYLE: add sentence about redirection operators [Zbigniew Jędrzejewski-Szmek, 2023-02-06, 1 file, -2/+5]
|
* test: drop whitespace after shell redirection operators [Zbigniew Jędrzejewski-Szmek, 2023-02-06, 1 file, -1/+1]
|   (The one case that is left unchanged is '< <(subcommand)'.)
|
|   This way, the style with no gap was already dominant. This way, the reader immediately knows that ' < ' is a comparison operator and ' << ' is a shift.
|
|   In a few cases, replace custom EOF replacement by just EOF. There is no point in using something like "_EOL" unless "EOF" appears in the text.
* docs: tweak rsync flags for moving existing home dir to systemd-homed [wouter bolsterlee, 2023-02-01, 1 file, -1/+1]
|   The documentation on moving an existing homedir into a systemd-homed managed one suggests using rsync(1) with a bunch of flags to preserve as much metadata as possible: permissions, xattrs, timestamps, etc. The previously suggested flags were:
|
|       rsync -aHAXv --remove-source-files … …
|
|   … which does include mtimes, but not ctimes and atimes, because -a does not include those:
|
|       --archive, -a    archive mode is -rlptgoD (no -A,-X,-U,-N,-H)
|
|   This change adds the -N and -U flags to preserve even more file timestamps, turning the command into:
|
|       rsync -aHANUXv --remove-source-files …
|
|   The new flags are:
|
|       --crtimes, -N    preserve create times (newness)
|       --atimes, -U     preserve access (use) times
* update footer to 2023 [cake03, 2023-01-29, 1 file, -1/+1]
|
* docs: Update HACKING.md to mention latest mkosi is needed [Daan De Meyer, 2023-01-24, 1 file, -10/+13]
|   Let's require users to run mkosi from git so we can fix any issues forward instead of trying to keep the configs working with older versions.
* docs: update instructions for translation strings [Luca Boccassi, 2023-01-24, 1 file, -1/+1]
|
* docs: drop manual rc PR warning step [Luca Boccassi, 2023-01-24, 1 file, -13/+11]
|   it is not automated, yay
* docs, man: consistently use comma after "For example" [Dmitry V. Levin, 2023-01-23, 7 files, -7/+7]
|
* docs: fix formatting a bit [Dmitry V. Levin, 2023-01-23, 2 files, -3/+3]
|
* docs: fix grammar a bit [Dmitry V. Levin, 2023-01-23, 12 files, -30/+30]
|
* docs: fix a few typos [Dmitry V. Levin, 2023-01-23, 5 files, -5/+5]
|
* Merge pull request #23309 from DaanDeMeyer/log-context [Luca Boccassi, 2023-01-20, 1 file, -0/+3]
|\
| |   basic: Add log context
| * basic: Add log context [Daan De Meyer, 2023-01-08, 1 file, -0/+3]
| |   This commit adds support for attaching extra metadata to log messages written to the journal via log.h. We keep track of a thread local log context in log.c onto which we can push extra metadata fields that should be logged. Once a field is no longer relevant, it can be popped again from the log context.
| |
| |   On top of this, we then add macros to allow pushing extra fields onto the log context. LOG_CONTEXT_PUSH() will push the provided field onto the log context and pop the last field from the log context when the current block ends. LOG_CONTEXT_PUSH_STRV() will do the same but for all fields in the given strv.
| |
| |   Using the macros is as simple as putting them anywhere inside a block to add a field to all following log messages logged from inside that block.
| |
| |       void myfunction(...) {
| |               ...
| |               LOG_CONTEXT_PUSH("MYMETADATA=abc");
| |               // Every journal message logged will now have the MYMETADATA=abc
| |               // field included.
| |       }
| |
| |   For convenience, there's also LOG_CONTEXT_PUSHF() to allow constructing the field to be logged using printf() syntax.
| |
| |   log_context_new()/log_context_free() can be used to attach a log context to an async operation by storing it in the associated userdata struct.
* | doc: document how we expect empty lines to be used [Lennart Poettering, 2023-01-17, 1 file, -2/+16]
| |
* | tpm2: add common helper for checking if we are running on UKI with TPM measurements [Lennart Poettering, 2023-01-17, 1 file, -3/+6]
| |   Let's introduce a common implementation of a function that checks whether we are booted on a kernel with systemd-stub that has TPM PCR measurements enabled. Do our own userspace measurements only if we detect that.
| |
| |   PCRs are scarce and most likely there are projects which already make use of them in other ways. Hence, instead of blindly stepping into their territory let's conditionalize things so that people have to explicitly buy into our PCR assignments before we start measuring things into them. Specifically bind everything to an UKI that reported measurements.
| |
| |   This was previously already implemented in systemd-pcrphase, but with this change we expand this to all tools that process PCR measurement settings.
| |
| |   The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE, to make it more generic (since we'll use it at multiple places now). This is not a compat break, since the original env var for that was not included in any stable release yet.
* | docs/man: remove reference to default vsock CID [Luca Boccassi, 2023-01-15, 1 file, -4/+2]
| |   This was dropped on reviewers' request in the revision that got merged, but reference in two documents was not updated. Fix it.
| |
| |   Follow-up for: https://github.com/systemd/systemd/pull/25918
* | bootctl: honor $KERNEL_INSTALL_CONF_ROOT [Ludwig Nussel, 2023-01-10, 1 file, -0/+3]
|/
|   Honor $KERNEL_INSTALL_CONF_ROOT for reading config files, as kernel-install does.
* Merge pull request #25918 from bluca/smbios_sd_notify [Lennart Poettering, 2023-01-06, 1 file, -1/+24]
|\
| |   Support AF_VSOCK in sd_notify and pick up notify_socket from creds
| * creds: import 'vmm.notify_socket' and use it to set [Luca Boccassi, 2023-01-05, 1 file, -1/+24]
| |   This is intended to be used with VSOCK, to notify the hypervisor/VMM, eg on the host:
| |
| |       qemu <...> -smbios type=11,value=io.systemd.credential:vmm.notify_socket=vsock:2:1234 -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=42
| |
| |   (vsock:2:1234 -> send to host on vsock port 1234, default is to send to 0 which is the hypervisor itself)
| |
| |   Also on the host:
| |
| |       $ socat - VSOCK-LISTEN:1234,socktype=5
| |       READY=1
| |       STATUS=Ready.
* | CODING_STYLE: fix 'better' typo [Sam James, 2023-01-06, 1 file, -1/+1]
|/
* docs: remove /dev/tty* confusion [Lennart Poettering, 2022-12-23, 1 file, -3/+3]
|   The text said /dev/tty* as a whole was the VT subsystem and that VT is not supported in containers. But that's not accurate as /dev/tty* will match /dev/tty too and that one device node is special and is not related to VT: it always points to the current process' own controlling tty, regardless what that is.
|
|   Hence, rewrite /dev/tty* as /dev/tty[0-9]*.
* dissect-image: let's lock down fstypes a bit [Lennart Poettering, 2022-12-22, 1 file, -0/+4]
|   When we dissect images automatically, let's be a bit more conservative with the file system types we are willing to mount: only mount common file systems automatically.
|
|   Explicit mounts requested by admins should always be OK, but when we do automatic mounts, let's not permit barely maintained, possibly legacy file systems.
|
|   The list for now covers the four common writable and two common read-only file systems. Sooner or later we might want to add more to the list.
|
|   Also, it might make sense to eventually make this configurable via the image dissection policy logic.
* tree-wide: use -EBADF for fd initialization [Zbigniew Jędrzejewski-Szmek, 2022-12-19, 1 file, -1/+1]
|   -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.
|
|   Note that there are two candidates:
|
|       EBADF 9 Bad file descriptor
|       EBADFD 77 File descriptor in bad state
|
|   Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.
|
|   In some places, initialization is dropped if unnecessary.
* Implement SYSTEMD_HOME_MKFS_OPTIONS_* envvars to configure mkfs options for homed LUKS directories [Aidan Dang, 2022-12-15, 1 file, -0/+5]
|
* journal: log filtering options support in PID1 [Quentin Deslandes, 2022-12-15, 1 file, -0/+1]
|   Define new unit parameter (LogFilterPatterns) to filter logs processed by journald.
|
|   This option is used to store a regular expression which is carried from PID1 to systemd-journald through a cgroup xattrs: `user.journald_log_filter_patterns`.
* Merge pull request #25723 from keszybz/generators-tmp [Yu Watanabe, 2022-12-15, 1 file, -1/+1]
|\
| |   Run generators with / ro and /tmp mounted
| * tree-wide: use mode=0nnn for mount option [Zbigniew Jędrzejewski-Szmek, 2022-12-14, 1 file, -1/+1]
| |   This is an octal number. We used the 0 prefix in some places inconsistently. The kernel always interprets in base-8, so this has no effect, but I think it's nicer to use the 0 to remind the reader that this is not a decimal number.
* | doc: add language decorator on the code block [Jiayi Chen, 2022-12-14, 1 file, -1/+1]
| |   Add `c` decorator on the code block for applying syntax highlighting.
* | doc: add an example code to lock the whole disk [January, 2022-12-13, 1 file, -0/+143]
|/
|   add an example to leverage `libsystemd` infrastructure to get the whole disk of a block device and take BSD lock on it #25046
* repart: support erofs [Lennart Poettering, 2022-12-10, 1 file, -2/+2]
|   So, I think "erofs" is probably the better, more modern alternative to "squashfs". Many of the benefits don't matter too much to us I guess, but there's one thing that stands out: erofs has a UUID in the superblock, squashfs has not. Having an UUID in the superblock matters if the file systems are used in an overlayfs stack, as overlayfs uses the UUIDs to robustly and persistently reference inodes on layers in case of metadata copy-up.
|
|   Since we probably want to allow such uses in overlayfs as employed by sysext (and the future syscfg) we probably should ramp up our erofs game early on.
|
|   Hence let's natively support erofs, test it, and in fact mention it in the docs before squashfs even.
* ci: Labeler improvements [Daan De Meyer, 2022-12-09, 1 file, -0/+3]
|   - Mention "/please-review" in the contributing guide
|   - Remove "needs-rebase" on push
|   - Don't add "please-review" if a green label is set
|   - Don't add please-review label to draft PRs
|   - Add please-review when a PR moves out of draft
* Implement --luks-pbkdf-force-iterations for homed [Aidan Dang, 2022-12-06, 1 file, -2/+5]
|
* Merge pull request #25638 from bluca/rate_limit_config [Luca Boccassi, 2022-12-06, 1 file, -0/+7]
|\
| |   pid1: add env var to override default mount rate limit burst
| * pid1: add env var to override default mount rate limit burst [Luca Boccassi, 2022-12-05, 1 file, -0/+7]
| |   I am hitting the rate limit on a busy system with low resources, and it stalls the boot process which is Very Bad (TM).
* | doc: CentOS is EOL use CentOS stream [Jan Macku, 2022-12-05, 1 file, -1/+1]
| |
* | doc: fix markdown-lint issues in `CONTRIBUTING.md` [Jan Macku, 2022-12-05, 1 file, -6/+8]
| |
* | doc: update link to systemd-rhel GitHub repo [Jan Macku, 2022-12-05, 1 file, -1/+1]
|/
|   systemd-rhel GitHub repository has been moved to new location:
|
|   - https://github.com/redhat-plumbers
* core: add possibility to not track certain unit types [Michal Sekletar, 2022-11-24, 1 file, -0/+9]
|
* boot: remove random-seed-mode [Jason A. Donenfeld, 2022-11-22, 1 file, -8/+0]
|   Now that the random seed is used on virtualized systems, there's no point in having a random-seed-mode toggle switch. Let's just always require it now, with the existing logic already being there to allow not having it if EFI itself has an RNG. In other words, the logic for this can now be automatic.
* Merge pull request #25379 from keszybz/update-doc-links [Luca Boccassi, 2022-11-22, 6 files, -32/+34]
|\
| |   Update doc links
| * docs/BOOT_LOADER_INTERFACE: reword sentence to apply to both entry types [Zbigniew Jędrzejewski-Szmek, 2022-11-21, 1 file, -3/+3]
| |
| * tree-wide: BLS and DPS are now on uapi-group website [Zbigniew Jędrzejewski-Szmek, 2022-11-21, 6 files, -31/+33]
| |
* | bootctl: install system token on virtualized systems [Jason A. Donenfeld, 2022-11-21, 1 file, -11/+4]
| |   Removing the virtualization check might not be the worst thing in the world, and would potentially get many, many more systems properly seeded rather than not seeded. There are a few reasons to consider this:
| |
| |   - In most QEMU setups and most guides on how to setup QEMU, a separate pflash file is used for nvram variables, and this generally isn't copied around.
| |
| |   - We're now hashing in a timestamp, which should provide some level of differentiation, given that EFI_TIME has a nanoseconds field.
| |
| |   - The kernel itself will additionally hash in: a high resolution time stamp, a cycle counter, RDRAND output, the VMGENID uniquely identifying the virtual machine, any other seeds from the hypervisor (like from FDT or setup_data).
| |
| |   - During early boot, the RNG is reseeded quite frequently to account for the importance of early differentiation.
| |
| |   So maybe the mitigating factors make the actual feared problem significantly less likely and therefore the pros of having file-based seeding might outweigh the cons of weird misconfigured setups having a hypothetical problem on first boot.