Currently translated at 94.2% (214 of 227 strings)
po: Translated using Weblate (Georgian)
Currently translated at 90.3% (205 of 227 strings)
po: Translated using Weblate (Georgian)
Currently translated at 88.9% (202 of 227 strings)
Co-authored-by: Temuri Doghonadze <temuri.doghonadze@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ka/
Translation: systemd/main
Older code did not save the pcr bank (i.e. pcr hash algorithm), and instead let
tpm2_unseal() find the best pcr bank to use. In commit
2cd9d57548 we changed tpm2_unseal() to no longer
handle an unset pcr bank. This adds back in the handling of an unset pcr_bank
so older sealed data should continue to work.
This test loops through masks, but is a relatively long test due to the
increment size between loops; this slightly increases the increment size (from
3->5) which greatly speeds up the test.
In a confidential VM, the SMBIOS data is not trusted, as it is under the
control of the host OS/admin and not covered by attestation of the machine.
Fixes: https://github.com/systemd/systemd/issues/27604
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This helper is a simplified version of detect_confidential_virtualization()
that merely returns a boolean status flag reflecting whether we are believed
to be running inside a confidential VM.
This flag can be used for turning off features that are inappropriate to
use from a CVM, but must not be used for releasing sensitive data. The
latter must only be done in response to an attestation for the environment.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
In etc_hosts_lookup_by_address(), make sure the canonical name of the given
address is returned first in the list of names that address resolves to.
Resolves: #25088
mkosi now supports CentOS SIGs natively so we drop our own definition
of that and use the mkosi builtin one. We also enable hyperscale for
both CentOS 8 and CentOS 9 for consistency and add epel-next as well
which is a requirement for Hyperscale.
CentOS 8 ships python 3.6 so let's try and stay compatible with that
since the only feature we're using that requires python 3.9 is the
streamlined type annotations which are trivial to convert back to
the older stuff to stay compatible with python 3.6.
Currently translated at 100.0% (227 of 227 strings)
po: Translated using Weblate (Ukrainian)
Currently translated at 93.8% (213 of 227 strings)
Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/uk/
Translation: systemd/main
kernel-install used to work without /proc mounted before the rewrite
in C. Let's restore that property by making sure we don't reopen
file descriptors via /proc. In this case, parse_env_file_fdv() calls
fdopen_independent() to get a FILE * for the given file descriptor
(which itself calls fd_reopen()). Let's avoid the call to
fdopen_independent() by using chase_and_fopenat_unlocked() which
gives us a FILE * immediately without having to reopen any file
descriptors.
Otherwise, we may configure a route that depends on the existence
of an address or another route, and may fail when lifetime of one
of them are already zero.
Hopefully fixes#28358.
If getopt_long() is called for a list of arguments and it is freed, then
calling getopt_long() for another list will trigger use-after-free.
The function proc_cmdline_filter_pid1_args() may be called before or during
parsing program arguments (typically named as parse_argv()), hence we cannot
use getopt_long() in proc_cmdline_filter_pid1_args().
Fixes#28366.
