path: root/man
Commit message (Author, Age, Files, Lines)
* NEWS: add a bunch of entries for v253 (Zbigniew Jędrzejewski-Szmek, 2022-12-13, 1 file, -1/+1)
| During the call today we agreed to work towards -rc1 in January. Nevertheless, I already started writing this up and I'll push it so it doesn't get lost. I didn't include all the changes to systemd-repart, because those are still in flux.
* man: mention that sd_id128_get_boot() and friend may return -ENOSYS (Yu Watanabe, 2022-12-12, 1 file, -8/+14)
| And drop to mention sd_id128_get_boot_app_specific() may return -ENOENT or -ENOMEDIUM. The function does not read /etc/machine-id. But reads a file in the procfs, which is a kind of the kernel API. Hence the failures are caused only when the system has wrong setup.
* man: mention sd_id128_get_machine() or friend may return -ENOPKG (Yu Watanabe, 2022-12-12, 1 file, -0/+8)
|
* repart: support erofs (Lennart Poettering, 2022-12-10, 2 files, -7/+9)
| So, I think "erofs" is probably the better, more modern alternative to "squashfs". Many of the benefits don't matter too much to us I guess, but there's one thing that stands out: erofs has a UUID in the superblock, squashfs has not. Having an UUID in the superblock matters if the file systems are used in an overlayfs stack, as overlayfs uses the UUIDs to robustly and persistently reference inodes on layers in case of metadata copy-up. Since we probably want to allow such uses in overlayfs as employed by sysext (and the future syscfg) we probably should ramp up our erofs game early on. Hence let's natively support erofs, test it, and in fact mention it in the docs before squashfs even.
* Merge pull request #25665 from poettering/dissect-memory (Lennart Poettering, 2022-12-08, 1 file, -0/+9)
|\
| | dissect: add a mode for operating on an in-memory copy of a DDI, inst…
| * man: add doc for new --in-memory switch of systemd-dissect (Lennart Poettering, 2022-12-08, 1 file, -0/+9)
| |
* | Merge pull request #25180 from keszybz/ukify (Lennart Poettering, 2022-12-08, 2 files, -0/+313)
|\ \
| |/
|/|
| | ukify: add helper to create UKIs
| * ukify: allow multiple initrds (Zbigniew Jędrzejewski-Szmek, 2022-12-07, 1 file, -3/+8)
| | If given, multiple initrds are concatenated into a temporary file which then becomes the .initrd section. It is also possible to give no initrd. After all, some machines boot without an initrd, and it should be possible to use the stub without requiring an initrd. (The stub might not like this, but this is something to fix there.)
| * man: add man page for ukify (Zbigniew Jędrzejewski-Szmek, 2022-12-07, 2 files, -0/+308)
| |
* | man: mention that DefaultRouteOnDevice= create the IPv4 default route (Yu Watanabe, 2022-12-08, 1 file, -1/+6)
| | And add an example setting for creating an IPv6 default route. Closes #25440.
* | Merge pull request #25672 from jelly/FirwmwareName (Yu Watanabe, 2022-12-08, 1 file, -0/+12)
|\ \
| | | Extend hostnamed DMI firmware properties
| * | hostnamed: expose FirmwareDate dbus property (Jelle van der Waa, 2022-12-07, 1 file, -0/+6)
| | | Expose /sys/class/dmi/id/bios_date as dbus property in hostnamed.
| * | hostnamed: expose FirmwareVendor as dbus property (Jelle van der Waa, 2022-12-07, 1 file, -0/+6)
| | | Expose /sys/class/dmi/id/bios_vendor as dbus property in hostnamed.
* | | dissect: add simple --discover command (Lennart Poettering, 2022-12-07, 1 file, -0/+11)
|/ /
* | Merge pull request #25651 from keszybz/man-halt (Luca Boccassi, 2022-12-07, 3 files, -52/+49)
|\ \
| | | Deemphasize 'halt' subcommand
| * | man: deemphasize "halt" (Zbigniew Jędrzejewski-Szmek, 2022-12-07, 3 files, -50/+48)
| | | Systemd documents "halt" as the primary shutdown mechanism, redirecting "reboot" and "shutdown" to the halt(8), but halt is a really strange and obsolete concept. Who would want to really keep their machine running after shutdown? I expect that halting is almost unused. Let's at least make it less prominent in the docs. While at it, use "power off" for a verb and "power-off" for noun (but "poweroff" of the actual command name).
| * | man: reword sentence (Zbigniew Jędrzejewski-Szmek, 2022-12-06, 1 file, -4/+3)
| | | "Such as … suchlike" repeats too much.
* | | Implement --luks-pbkdf-force-iterations for homed (Aidan Dang, 2022-12-06, 1 file, -0/+1)
|/ /
* | Merge pull request #25437 from YHNdnzj/systemctl-disable-warn-statically-enabled-services (Zbigniew Jędrzejewski-Szmek, 2022-12-05, 2 files, -3/+28)
|\ \
| | | systemctl: warn if trying to disable a unit with no install info
| * | systemctl: allow suppress the warning of no install info using --no-warn (Mike Yuan, 2022-12-03, 1 file, -2/+16)
| | | In cases like packaging scripts, it might be desired to use enable/disable on units without install info. So, adding an option '--no-warn' to suppress the warning.
| * | systemctl: warn if trying to disable a unit with no install info (Mike Yuan, 2022-12-03, 1 file, -1/+12)
| | | Trying to disable a unit with no install info is mostly useless, so adding a warning like we do for enable (with the new dbus method 'DisableUnitFilesWithFlagsAndInstallInfo()'). Note that it would still find and remove symlinks to the unit in /etc, regardless of whether it has install info or not, just like before. And if there are actually files to remove, we suppress the warning. Fixes #17689
* | | tree-wide: fix typo (Yu Watanabe, 2022-12-02, 2 files, -2/+2)
| | |
* | | virt: Support detection of LMHS SRE guests (Neil Moore, 2022-12-02, 2 files, -1/+7)
| | |
* | | Merge pull request #25579 from DaanDeMeyer/copy-graceful-symlinks (Daan De Meyer, 2022-12-01, 1 file, -0/+4)
|\ \ \
| | | | repart: Ignore copy failures for unsupported file types
| * | | repart: Ignore copy failures for unsupported file types (Daan De Meyer, 2022-12-01, 1 file, -0/+4)
| | | | e.g. vfat doesn't support symlinks, sockets, fifos, etc so let's ignore any copy failures related to unsupported file types when populating filesystems.
* | | | man: clarify ManagedOOMPreference documentation (Nick Rosbrook, 2022-11-29, 1 file, -4/+4)
|/ / /
| | | Explicitly state that ManagedOOMPreference is always honored when the unit's cgroup is owned by root.
* | | Merge pull request #25385 from drvink/main (Lennart Poettering, 2022-11-29, 1 file, -0/+6)
|\ \ \
| | | | systemd: Support OOMPolicy in scope units
| * | | systemd: Support OOMPolicy in scope units (Mark Laws, 2022-11-24, 1 file, -0/+6)
| | | | Closes #25376.
* | | | kernel-install: Add uki layout (Joerg Behrmann, 2022-11-29, 1 file, -6/+32)
| | | | Currently the kernel-install man page only documents the bls layout for use with the boot loader spec type #1. 90-loaderentry.install uses this layout to generate loader entries and copy the kernel image and initrd to $BOOT. This commit documents a second layout "uki" and adds 90-uki-copy.install, which copies a UKI "uki.efi" from the staging area or any file with the .efi extension given on the command line to $BOOT/EFI/Linux/$ENTRY_TOKEN-$KERNEl_VERSION(+$TRIES).efi This allows for both locally generated and distro-provided UKIs to be handled by kernel-install.
* | | | Merge pull request #25533 from keszybz/meson-fixups (Yu Watanabe, 2022-11-26, 1 file, -1/+3)
|\ \ \ \
| | | | | Meson fixups
| * | | | meson: regenerate meson rules (Zbigniew Jędrzejewski-Szmek, 2022-11-25, 1 file, -1/+3)
| | |_|/
| |/| |
| | | | Forgotten in 85bc6b05491fb4c9f40f8a0e8615ac5321efbea0.
* | | | resolved: introduce the _localdnsstub and _localdnsproxy special hostnames for 127.0.0.54 + 127.0.0.53 (Lennart Poettering, 2022-11-25, 2 files, -5/+12)
|/ / /
| | | Let's give these special IP addresses names. After all name resolution is our job here. Fixes: #23623
* | | repart: Add --skip-partitions= (Daan De Meyer, 2022-11-25, 1 file, -5/+12)
| | | --include-partitions and --exclude-partitions now fully exclude partitions from repart. Whenever a partition type is excluded, we don't take any partitions of that type into account at all when running systemd-repart. --skip-partitions= is introduced to do what --exclude-partitions did previously. Any skipped partitions are taken into account when doing size calculations, but are not yet populated. Why do we need both concepts? Exclusion is needed so that we can use shared repart definitions to generate bootable and non-bootable images. When generating a non-bootable image, we use --exclude-partitions to exclude the ESP partition. Skipping is needed so that we can populate the root partition while skipping the ESP partition, get the roothash of the root partition, use that to generate a UKI, and finally populate the ESP partition with the UKI included.
* | | man/journalctl: mention systemd-cat, make the description more direct (Zbigniew Jędrzejewski-Szmek, 2022-11-22, 1 file, -7/+16)
| | | We said "query the journal". This is true but also very generic. Let's say "print log entries from the journal" instead, so that users who are looking for "logging" are more likely to figure out that the journalctl is the tool for them. Also, mention systemd-journal-remote.service which can write the journal too. And give some hints how to figure out how to write *to* the journal.
* | | man: update docs for MemoryZSwapMax= (Anita Zhang, 2022-11-22, 1 file, -3/+20)
| | |
* | | boot: remove random-seed-mode (Jason A. Donenfeld, 2022-11-22, 1 file, -19/+0)
| | | Now that the random seed is used on virtualized systems, there's no point in having a random-seed-mode toggle switch. Let's just always require it now, with the existing logic already being there to allow not having it if EFI itself has an RNG. In other words, the logic for this can now be automatic.
* | | Merge pull request #25379 from keszybz/update-doc-links (Luca Boccassi, 2022-11-22, 19 files, -51/+51)
|\ \ \
| | | | Update doc links
| * | | tree-wide: BLS and DPS are now on uapi-group website (Zbigniew Jędrzejewski-Szmek, 2022-11-21, 19 files, -51/+51)
| | | |
* | | | man/sd_bus_default: Refer to man-pages project (man7.org) for ssh(1) (BerndAdameit, 2022-11-21, 1 file, -2/+2)
| | | |
* | | | network: tc-cake: add support to specify ACK filter (Yu Watanabe, 2022-11-19, 1 file, -0/+11)
| | | |
* | | | network: tc-cake: add support to specify RTT (Yu Watanabe, 2022-11-17, 1 file, -0/+10)
| | | |
* | | | Merge pull request #25319 from zx2c4-forks/krngseed (Luca Boccassi, 2022-11-16, 1 file, -22/+0)
|\ \ \ \
| | | | | boot: implement kernel EFI RNG seed protocol with proper hashing
| * | | | boot: implement kernel EFI RNG seed protocol with proper hashing (Jason A. Donenfeld, 2022-11-14, 1 file, -22/+0)
| |/ / /
| | | | Rather than passing seeds up to userspace via EFI variables, pass seeds directly to the kernel's EFI stub loader, via LINUX_EFI_RANDOM_SEED_TABLE_GUID. EFI variables can potentially leak and suffer from forward secrecy issues, and processing these with userspace means that they are initialized much too late in boot to be useful. In contrast, LINUX_EFI_RANDOM_SEED_TABLE_GUID uses EFI configuration tables, and so is hidden from userspace entirely, and is parsed extremely early on by the kernel, so that every single call to get_random_bytes() by the kernel is seeded.
| | | |
| | | | In order to do this properly, we use a bit more robust hashing scheme, and make sure that each input is properly memzeroed out after use. The scheme is:
| | | |
| | | |     key = HASH(LABEL || sizeof(input1) || input1 || ... || sizeof(inputN) || inputN)
| | | |     new_disk_seed = HASH(key || 0)
| | | |     seed_for_linux = HASH(key || 1)
| | | |
| | | | The various inputs are:
| | | |   - LINUX_EFI_RANDOM_SEED_TABLE_GUID from prior bootloaders
| | | |   - 256 bits of seed from EFI's RNG
| | | |   - The (immutable) system token, from its EFI variable
| | | |   - The prior on-disk seed
| | | |   - The UEFI monotonic counter
| | | |   - A timestamp
| | | |
| | | | This also adjusts the secure boot semantics, so that the operation is only aborted if it's not possible to get random bytes from EFI's RNG or a prior boot stage. With the proper hashing scheme, this should make boot seeds safe even on secure boot.
| | | |
| | | | There is currently a bug in Linux's EFI stub in which if the EFI stub manages to generate random bytes on its own using EFI's RNG, it will ignore what the bootloader passes. That's annoying, but it means that either way, via systemd-boot or via EFI stub's mechanism, the RNG *does* get initialized in a good safe way. And this bug is now fixed in the efi.git tree, and will hopefully be backported to older kernels.
| | | |
| | | | As the kernel recommends, the resultant seeds are 256 bits and are allocated using pool memory of type EfiACPIReclaimMemory, so that it gets freed at the right moment in boot.
* | | | systemd-boot man page: add section for virtual machines (Gerd Hoffmann, 2022-11-16, 1 file, -0/+17)
| | | |
* | | | Update hostnamectl.xml (angus-p, 2022-11-16, 1 file, -1/+1)
| | | | set-hostname is obsolete
* | | | MemoryZSwapMax directive to configure new memory.zswap.max cgroup file (Pasha Vorobyev, 2022-11-15, 2 files, -3/+40)
| | | |
* | | | repart: Add --include/--exclude-partitions (Daan De Meyer, 2022-11-15, 1 file, -0/+17)
| |_|/
|/| |
| | | Let's allow filtering the partitions to operate on by partition type UUID. This is necessary when building bootable images with a verity protected root/usr partition as we can only build the UKI image when we have the verity roothash which means we cannot populate the EFI partition yet when we run repart initially to determine the verity roothash.
* | | Merge pull request #24908 from DaanDeMeyer/repart-minimize (Daan De Meyer, 2022-11-15, 1 file, -0/+11)
|\ \ \
| |_|/
|/| |
| | | repart: Add Minimize setting
| * | repart: Take into account minimal filesystem size (Daan De Meyer, 2022-11-11, 1 file, -0/+11)
| | | Instead of requiring users to guess the required space for partitions populated with CopyFiles=, let's make an educated guess ourselves. We can populate the filesystem once in a very large sparse file and see how much data is actually used as a good indicator of the required size.
* | | measure: fix section names in 'objcopy' example in systemd-measure man (Vitaly Kuznetsov, 2022-11-14, 1 file, -2/+2)
| |/
|/|
| | A copy paste error has crippled in the objcopy example in 'systemd-measure' manual, "--change-section-vma" should reference the section being added, not ".splash". When used as-is, the resulting UKI is unbootable.
| | Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>