| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This makes it easier to only test a subset of tests without having
to specify them all on the command line:
meson test -C build --suite headers
|
|
|
|
| |
Closes #23262.
|
|
|
|
|
|
|
|
|
| |
roothash=/usrhash= on the kernel cmdline
It doesn't really care about the hash value passed (which is processed
by systemd-veritysetup-generator), but it does care about the fact that
it is set (and mounts the DM nodes /dev/mapper/usr + /dev/mapper/root in
that case).
|
|
|
|
|
|
|
|
|
| |
I don't know why this didn't occur to me earlier, but of course, it
*has* to be this data.
(This replaces some German prose about Berlin, that i guess only very
few people will get. With the new blob I think we have a much broader
chance of delivering smiles.)
|
|
|
|
|
|
| |
Let's merge the footnote with the overall explanation of where systemd
parses its options from and reword the section a bit to hopefully make
things a bit more clear.
|
|\
| |
| | |
import system credentials from sd-stub + qemu fw_cfg + kernel cmdline explicitly in PID 1
|
| | |
|
| | |
|
|\ \
| |/
|/| |
More cross-references in bootctl/systemctl man pages
|
| | |
|
|\ \
| |/
| | |
Extend the documentation for oomd a bit
|
| |
| |
| |
| | |
OOMPolicy remains valid, but let's push users for the userspace solution.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The gist of the description is moved from systemd.resource-control
to systemd-oomd man page. Cross-references to OOMPolicy, memory.oom.group,
oomctl, ManagedOOMSwap and ManagedOOMMemoryPressure are added in all
places.
The descriptions are also more down-to-earth: instead of talking
about "taking action" let's just say "kill". We *might* add configuration
for different actions in the future, but we're not there yet, so let's
just describe what we do now.
|
| | |
|
| |
| |
| |
| |
| | |
* Some authenticators(like Yubikey) support credential algorithm other than ES256
* Introduce a new option so users can make use of it
|
|/
|
|
|
|
| |
We use authenticated encryption, and that deserves mention. This in
particular relevant as the fact they are authenticated makes the
credentials useful as initrd parameterization items.
|
|\
| |
| | |
tpm2: beef up tpm2 support checks
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The assignments were partly simply incorrectly documented, partly changed
with 4d32507f5186a89e98093659fbbe386787a97b9f and partly missing.
Moreover kernel 5.17 now measures all initrds to PCR 9 on its own
(https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f046fff8bc4c4d8f8a478022e76e40b818f692df)
Let's correct all this and bring it up-to-date.
And while we are at it extend the docs about this in systemd-stub, with
a new table that indicates which OS resource is protected by which PCR.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fallback for systems lacking TPM2
This is supposed to be useful when generating credentials for immutable
initrd environments, where it is is relevant to support credentials even
on systems lacking a TPM2 chip.
With this, if `systemd-creds encrypt --with-key=auto-initrd` is used a
credential will be encrypted/signed with the TPM2 if it is available and
recognized by the firmware. Otherwise it will be encrypted/signed with
the fixed empty key, thus providing no confidentiality or authenticity.
The idea is that distributions use this mode to generically create
credentials that are as locked down as possible on the specific
platform.
|
| |
|
|\
| |
| | |
man: recommend that .network or friends should have a numeric prefix
|
| |
| |
| |
| |
| |
| | |
assigning delegated prefixes
Closes #23041.
|
| |
| |
| |
| | |
Closes #23105.
|
|/ |
|
|
|
|
| |
sysfs is a tree, hence let's a mode that allows showing it as such.
|
| |
|
| |
|
| |
|
|
|
|
| |
Gotta start somewhere.
|
| |
|
|
|
|
|
|
| |
We got documentation for sd-device for the first time with
b51f4eaf7b58f064092215cea9c6fc1c5af5646e, so let's celebrate by adding a
landing page that also explains the relationship with libudev.
|
|
|
|
| |
Based on linkchecker as usual.
|
|
|
|
|
| |
Inspired by 9fe20c3234. When the specifier is undocumented, it is really easy
to add a duplicate definition in a different place.
|
|
|
|
|
|
|
| |
%R is already used in service manager specifier expansion (cgroup root),
hence use a different char, that was so far not used.
Follow-up for: 6ceb0a4094908dd213a78b9f6d0c59a684831ab0
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, systemd-analyze verify would return 0 even if warnings
were raised during analysis of the specified units or their
dependencies. With 3cc3dc7, verify was changed to return 1 when
warnings were raised.
This commit changes the default mode to _RECURSIVE_ERRORS_INVALID
so that verify returns zero again by default when warnings are
raised.
|
|
|
|
|
|
|
| |
If we have two or more devices that share the same slot but they are
also multifunction then it is OK to use the slot information even if it
is the same for all of them. Name conflict will be avoided because we
will append function number and form names like, ens1f1, ens1f2...
|
|\
| |
| | |
Test --help and --version output in more cases
|
| |
| |
| |
| |
| |
| |
| | |
In --help output, change "$0" → "kernel-install". We generally don't include
the full path in --help output, and let's not do this here either.
kernel-install is now in build/ directly, not in the subdirectory.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
GIT_VERSION is not available as a config.h variable, because it's rendered
into version.h during builds. Let's rework jinja2 rendering to also
parse version.h. No functional change, the new variable is so far unused.
I guess this will make partial rebuilds a bit slower, but it's useful
to be able to use the full version string.
|
| | |
|
|/
|
|
|
|
|
|
| |
The settings and internal varables were added, but this was never
exposed on the bus. Add that.
Follow-up-for: a520bb665417af7aa98dcb983f3583659bbab807
Follow-up-for: #19917
|
|\
| |
| | |
Fix entry selection in bootctl status
|
| |
| |
| |
| |
| |
| | |
This is based on the output on my laptop, with various manual adjustments.
If people have other types of entries, it'd be useful to add them here. In
particular, some dual-boot entries would be nice.
|
| |
| |
| |
| |
| |
| | |
Strangely enough, having <varlistenetry>s outside of <variablelist> wasn't
causing visual problems. But having two <listitem>s in one <varlistentry>
resulted in the paragraphs running together in the rendered man page.
|
| | |
|
|\ \
| | |
| | | |
sd-device diskseq fix + udevadm info improvements
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
Let's make things easier to debug, and show a more comprehensive set of
fields, extending on the existing output syntax that starts with one
marker character followed by a colon and a space.
|
|\ \ \
| |/ /
|/| | |
add small "udevadm lock" tool for locking a block device
|