| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
We provide the same stability for all the headers that are public.
Also, mark id128 as portable to other systems. There is really nothing in the
code that would make it hard. It would probably work out-of-the-box.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's start moving towards a more involved partitioning setup to
test our stuff more when using mkosi.
The root partition is generated on boot with systemd-repart.
CentOS supports neither erofs nor btrfs so we use squashfs and xfs
instead.
We also enable SecureBoot= locally for additional coverage. This
and the use of verity means users need to run `mkosi genkey` once
to generate the keys necessary to do secure boot and verity.
|
|
|
|
| |
The `pacman` command in order to install packages on Arch in the documentation is invalid.
This PR fixes the command.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This implements a minimal subset of #24961, but in a lot more
restrictive way: we only allow one level of subcgroup (as that's enough
to address the no-processes in inner cgroups rule), and does not change
anything about threaded cgroup logic or similar, or make any of this new
behaviour mandatory.
All this does is this: all non-control processes we invoke for a unit
we'll invoke in a subgroup by the specified name.
We'll later port all our current services that use cgroup delegation
over to this, i.e. user@.service, systemd-nspawn@.service and
systemd-udevd.service.
|
|
|
|
| |
Embedded credential name 'ciphertext.cred' does not match filename 'foobar', refusing.
|
|
|
|
|
|
|
|
| |
style APIs (and NULL path is OK)
As discussed here:
https://github.com/systemd/systemd/pull/27397#issuecomment-1521630044
|
|
|
| |
* Update TEMPORARY_DIRECTORIES.md
|
|
|
|
| |
As reported by Fossies.
|
|
|
|
|
| |
Addresses https://github.com/systemd/systemd/pull/27283#pullrequestreview-1386816102.
Follow-up to 1a127aa02b.
|
| |
|
|
|
|
|
|
|
|
| |
To make it consistent with other env vars, e.g. $SYSTEMD_ESP_PATH or
$SYSTEMD_XBOOTLDR_PATH.
This is useful when the root is specified by a file descriptor, instead
of a path.
|
|\
| |
| | |
sd-journal: allow to specify compression algorithm through env
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes RHBZ#2183546 (https://bugzilla.redhat.com/show_bug.cgi?id=2183546).
Previously, journal file is always compressed with the default algorithm
set at compile time. So, if a newer algorithm is used, journal files
cannot be read by older version of journalctl that does not support the
algorithm.
Co-authored-by: Colin Walters <walters@verbum.org>
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
| |
Similar to what we do for directories, just before we remove a file,
let's try to take a BSD lock on it. If that fails, skip removing the
file.
|
|
|
|
|
|
|
|
|
|
|
| |
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
.gdbinit to make gdb work properly
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is useful to identify log messages with metadata from the images
they run on. Look for ID/VERSION_ID/IMAGE_ID/IMAGE_VERSION/BUILD_ID,
with a SYSEXT_ prefix if we are looking at an extension, and append via
LogExtraFields= as respectively PORTABLE_NAME_AND_VERSION= in case of a
single image. In case of extensions, append as PORTABLE_ROOT_NAME_AND_VERSION=
for the base and one PORTABLE_EXTENSION_AND_VERSION= for each extension.
Example with a base and two extensions, with the unit coming from the
first extension:
[Service]
RootImage=/home/bluca/git/systemd/base.raw
Environment=PORTABLE=app0.raw
BindReadOnlyPaths=/etc/os-release:/run/host/os-release
LogExtraFields=PORTABLE=app0.raw
Environment=PORTABLE_ROOT=base.raw
LogExtraFields=PORTABLE_ROOT=base.raw
LogExtraFields=PORTABLE_ROOT_NAME_AND_VERSION=debian_10
ExtensionImages=/home/bluca/git/systemd/app0.raw
LogExtraFields=PORTABLE_EXTENSION=app0.raw
LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_0
ExtensionImages=/home/bluca/git/systemd/app1.raw
LogExtraFields=PORTABLE_EXTENSION=app1.raw
LogExtraFields=PORTABLE_EXTENSION_NAME_AND_VERSION=app_1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a portable service uses extensions, we use the 'main' image name
(the one where the unit was found in) as PORTABLE=. It is useful to
also list all the images actually used at runtime, as they might
contain libraries and so on.
Use PORTABLE_ROOT= for the image/directory that is used as RootImage=
or RootDirectory=, and PORTABLE_EXTENSION= for the image/directory that
is used as ExtensionImages= or ExtensionDirectories=.
Note that these new fields are only added if extensions are used,
there's no change for single-DDI portables.
Example with a base and two extensions, with the unit coming from the
first extension:
[Service]
RootImage=/home/bluca/git/systemd/base.raw
Environment=PORTABLE=app0.raw
BindReadOnlyPaths=/etc/os-release:/run/host/os-release
LogExtraFields=PORTABLE=app0.raw
LogExtraFields=PORTABLE_ROOT=base.raw
ExtensionImages=/home/bluca/git/systemd/app0.raw
LogExtraFields=PORTABLE_EXTENSION=app0.raw
ExtensionImages=/home/bluca/git/systemd/app1.raw
LogExtraFields=PORTABLE_EXTENSION=app1.raw
|
| |
|
|
|
|
|
| |
We need repart, bootctl, analyze and ukify for mkosi so let's make
sure those get built in the HACKING guide.
|
|
|
|
|
| |
Let's account for the recent changes in mkosi in the debugging
with vscode section.
|
| |
|
|
|
|
|
| |
bfd/gold/mold/lld support this flag, so document it explicitly, and drop the
manually written linker script which is no longer necessary
|
| |
|
|\
| |
| |
| |
| | |
lilyinstarlight/fix/fstab-generator-sysroot-without-cmdline
fstab-generator: use correct targets when /sysroot is specificied in fstab only
|
| |
| |
| |
| |
| | |
This forces processing of /dev entries in fstab when running in a
container is detected (checked as the existence of read-only /sys).
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
most recent entry
This way we can quickly find the most recent entry, without searching or
traversing entry array chains.
This is relevant later, as it it allows us to quickly determine the most
recent timestamps of each journal file, in a roughly atomic way.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
We removed a few features that made this work, will be added back
in the future when we restructure the way mkosi does build images.
|
| | |
|
|\ \
| | |
| | | |
journal sequence number rework
|
| | | |
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| | |
Type=oneshot is necessary for systemd to actually wait for the service
to return. With RemainAfterExit=yes it won't be started again.
Fixes #26342.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(The one case that is left unchanged is '< <(subcommand)'.)
This way, the style with no gap was already dominant. This way, the reader
immediately knows that ' < ' is a comparison operator and ' << ' is a shift.
In a few cases, replace custom EOF replacement by just EOF. There is no point
in using someting like "_EOL" unless "EOF" appears in the text.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The documentation on moving an existing homedir into a systemd-homed managed
one suggests using rsync(1) with a bunch of flags to preserve as much metadata
as possible: permissions, xattrs, timestamps, etc. The previously suggested
flags were:
rsync -aHAXv --remove-source-files …
… which does include mtimes, but not ctimes and atimes, because -a does not
include those:
--archive, -a archive mode is -rlptgoD (no -A,-X,-U,-N,-H)
This change adds the -N and -U flags to preserve even more file timestamps,
turning the command into:
rsync -aHANUXv --remove-source-files …
The new flags are:
--crtimes, -N preserve create times (newness)
--atimes, -U preserve access (use) times
|
| | |
|
| |
| |
| |
| |
| |
| | |
Let's require users to run mkosi from git so we can fix any issues
forward instead of trying to keep the configs working with older
versions.
|
| | |
|
| |
| |
| |
| | |
it is not automated, yay
|
| | |
|
| | |
|
| | |
|