The tool initially just measured the boot phase, but was subsequently
extended to measure file system and machine IDs, too. At AllSystemsGo
there were request to add more, and make the tool generically
accessible.
Hence, let's rename the binary (but not the pcrphase services), to make
clear the tool is not just measureing the boot phase, but a lot of other
things too.
The tool is located in /usr/lib/ and still relatively new, hence let's
just rename the binary and be done with it, while keeping the unit names
stable.
While we are at it, also move the tool out of src/boot/ and into its own
src/pcrextend/ dir, since it's not really doing boot related stuff
anymore.
Latest mkosi sets $MKOSI_UID and $MKOSI_GID to the uid/gid of the
user running mkosi. Let's make use of this to run meson setup and
ninja as the user running mkosi, so that if we execute git as a
subprocess during meson setup, it doesn't complain about unsafe
directories. This also makes sure all the build artifacts are owned
on the host by the user running mkosi.
This commit adds hwdb entry for Miglia Technology Harmony Audio (HA02).
The device is an application of OXford Semiconductor FW970 and will be
supported by ALSA oxfw driver in future.
On slower/overloaded systems it may take a bit for the swtpm socket
to show up:
I: Started swtpm as PID 189419 with state dir /tmp/tmp.pWqUutuGUj
I: Configured emulated TPM2 device tpm-spapr
+ tee /var/tmp/systemd-test-TEST-70-TPM2_1/console.log
+ timeout --foreground 1200 /bin/qemu-system-ppc64le -smp 4 ...
qemu-system-ppc64le: -chardev socket,id=chrtpm,path=/tmp/tmp.pWqUutuGUj/sock: Failed to connect to '/tmp/tmp.pWqUutuGUj/sock': No such file or directory
E: qemu failed with exit code 1
Spotted regularly in the ppc64le cron job and in some Ubuntu CI/CentOS CI
pr runs [0].
[0] https://github.com/systemd/systemd/pull/29183#issuecomment-1721727927
We can't do anything about them anyway, and most importantly this seems
to alleviate systemd/systemd-centos-ci#660, which should make the CIs
a bit less angry (at least until the issue is addressed properly).
I recently tried adding a FIDO2-Device as an unlocking method to the LUKS2 partition containing my Fedora install.
When trying to do this, I stumbled upon the here edited man files detailing how to do this.
I however could not unlock my partition with my FIDO2-Device after editing /etc/crypttab and rebooting.
As I found out after a while, I needed to regenerate / update my currently running / used initramfs (https://unix.stackexchange.com/a/705809).
This would have most likely solved itself for me with the next kernel update install (as far as I understand).
So I propose changing the files edited here to recommend or at least inform the user about this.
When booting from virtiofs, we won't be able to find a root block
device. Let's gracefully handle this similar to how we don't fail
if we can't find a GPT partition table.
mkosi now supports booting directory images in qemu using virtiofs.
However, until distribution kernels build the virtiofs driver directly
into the kernel, we need an initrd to make this work, so make sure to
pull in the initrd preset when building a directory image that could be
bootable to make this work.
The macro used to return NULL if input was NULL or had the wrong type. Now
it asserts that input is nonnull and it has the expected type.
There are a few places where a missing or mismatched type was OK, but in a
majority of places, we would do both of the asserts. In various places we'd
only do one, but that was by ommission/mistake. So moving the asserts into the
macro allows us to save some lines.
We have two fields: inherit and ttl, and ttl is ignored if inherit is true.
Setting TTL=inherit and later TTL=n would not work because we didn't unset
inherit.
Previously, we would call parse_ip_protocol(), which internally calls
safe_atoi(), and then call safe_atou(). This isn't terrible, but it's also
slightly confusing. Use parse_ip_protocol_full() to avoid the second call.
Optionally, accept protocols that don't have a known name.
Avoid any allocations in the common case.
Return more granular error codes: -ERANGE for negative values,
-EOPNOTSUPP if the protocol is a valid number, but we don't know
the protocol, and -EINVAL only if it's not a numerical string.
This compresses repetetive code and makes it easier to add new options
in networkd. The formatting of error messages becomes uniform. The
error message always specifies the rvalue literally, instead of using
a "descriptive name". This makes the message much easier to handle for
the user.
I opted to add just one parser, and wrap it with inline functions to proxy
the type. This is less verbose than copying functions for each type
separately, and the compiler should be able to get rid of the inline wrapper
almost entirely.
asserts are reordered to use the same order as the parameter list.
This makes the code easier to read.
No functional change intended, apart from the difference in error message
formatting.
If the column is "-" and the X context variant specifer only
contains commas, we should also give the match bonus. The variant
string is supposed to be a comma-separated list as long as the
list of layouts, so it's quite natural for consumers to be written
in such a way that they pass a string only containing commas if
there are multiple layouts and no variants. anaconda is a real
world case that does this.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Otherwise, e.g. sd_journal_get_monotonic_usec() return an empty boot ID
when called for such a broken entry object.
Such a broken object may be stored when the system was not cleanly shutdown.
Fixes#29167.
Installing ukify.py doesn't require a working UEFI architecture, but
only that the bootloader option is enabled (and python3). On Debian
Arch: all packages (like python scripts) can theorethically be built
on any builder with any architecture, so there's no guarantee that
it will actually be an EFI-enabled architecture to do that package build.
Relax the requirement to check only for the ukify config option.
For file:// links, we urlify the link so that the user can click and either
open the file in a editor or some viewer. The detection is chosen via some
mechanism implemented by the terminal emulator. This seems too DTRT for text
files and PDFs, which should cover the majority of realistic cases. If the file
is not viable, the terminal emulator will say
"Could not open file://…. No application is registered to view this file type."
or similar.
For all other links, which are primarily http:// and https://, we just show the
link, letting the terminal handle the hyperlinking. The user can then ctrl-click
and open the file it their browser. If we tried to open the files automatically,
we'd would need to open many pages, and we'd need to figure out what browser to
use, etc. When the user picks whether to open the file, this leads to a nicer
user experience.
Man pages are separated by an empty line from preceding in and following output.
In my testing, this makes the output easier to read. A bit of explicit flushing
is needed to make sure that various outputs are not interleaved.
Fixes https://github.com/systemd/systemd/issues/29061.
In 9289e093ae we started using install_emptydir().
When running unprivileged, 'DESTDIR=… meson install -C build --quiet --no-rebuild'
would emit two warnings:
'…/var/log/journal': Unable to set owner 'root' and group 'root': Operation not permitted, ignoring...
'…/var/log/journal/remote': Unable to set owner 'root' and group 'root': Operation not permitted, ignoring...
Those were the only two install_emptydir()s that specified ownership.
Let's drop the user/group specification to get rid of the warning.
When installing as root, we will create a root-owned directory anyway.
When not running as root, we cannot create a root-owned directory.
So this specification only makes a difference if we are running as root,
and the directory already existed, and was not owned by root. In that case,
I think it's actually better to leave the existing modification in place.
(E.g. maybe the admin chgrp'ed the ownership for whatever reason. We might
just as well leave that in place.)
