If KERNEL_INSTALL_MACHINE_ID is defined in /etc/machine-info, prefer it
over the machine ID from /etc/machine-id. If a machine ID is defined in
neither /etc/machine-info nor in /etc/machine-id, generate a new UUID
and try to write it to /etc/machine-info as KERNEL_INSTALL_MACHINE_ID
and use it as the machine ID if writing it to /etc/machine-info succeeds.
In practice, this means we have a more robust fallback if there's no
machine ID in /etc/machine-id than just using "Default" and allows
image builders to force kernel-install to use KERNEL_INSTALL_MACHINE_ID
by simply writing it to /etc/machine-info themselves.
This was an undocumented change in behavior introduced by
9e82a74cb0. Previously, we only
checked for "Default" if we didn't find a machine ID. Let's make
sure we keep the previous behavior intact.
systemd-analyze critical-chain accepts an optional unit argument,
however currently there's no shell-completion for it
This change provides unit name completion for both bash and zsh.
Closes: #20927
Build option "link-boot-shared" to build a statically linked bootctl and
systemd-bless-boot by using
-Dlink-boot-shared=false
on systems with full systemd stack except bootctl and systemd-bless-boot,
such as CentOS/RHEL 9.
This description will help users who are trying to reset the already configured
CPUQuota= by trying incorrect ways such as CPUQuota=0 or CPUQUota=infinity.
TEST-67-INTEGRITY times out quite often, and when it passes
it does so a few seconds short of the timeout. It's a slow
qemu test, so bump the timeout.
TEST-50-DISSECT has been reported to fail in the same way
on Debian's infrastructure, again narrowly failing or passing
just short of the timeout.
This is a soft disable. Passing `dbus-interfaces-dir` build option
will with path or 'yes' enable exports again even when cross
compiling. (maybe your environment will allow to execute
cross compiled binaries)
Enable /dev/sgx_vepc access for the group 'sgx', which allows KVM-backed VMs
to host Intel Software Guard eXtension (SGX) enclaves. The upcoming QEMU
6.2 uses /dev/sgx_vepc to reserve portions of Enclave Page Cache (EPC) for
VMs. EPC is the reserved physical memory used for hosting enclaves.
This replaces the memmem-based approach of finding a suitable title
for the windows boot manager with one that actually parses the BCD
store. It's probably faster but more importantly, it's more correct.
The memmem approach may detect stale title strings that are still
in the file but unused due to the way registry hives are updated.
This approach also allows us to detect if the BCD store is multi-boot
so that we can fall back on the generic one instead.
The gnu-efi headers emit some warnings in clang when not compiled with
-ffreestanding. This is normally not an issue for has_header_symbol()
unless meson is run with CFLAGS="-Werror". Note that this differs
from the --werror option, which does not get passed to clang.
Work around this by adding some compile args to the has_header_symbol()
invocation.
Lower priority of RUN, so that TMPFS and especially the mount flags given with
`TemporaryFileSystem=` are used.
This allows making `/run` private with drop-ins such as:
```
[Service]
BindReadOnlyPaths=/run/systemd:/run/systemd:norbind
TemporaryFileSystem=/run:nodev,noexec,nosuid,rw,size=32k,nr_inodes=10,mode=0755
```
Some types of credentials that a user would want to pass
into the initrd do not depend on the specific kernel/initrd
version. For instance, this can include SSH keys, rootfs
encryption keys, dm-integrity keys, and so on. This
introduces a directory where such credentials can be placed
so that any kernel image will load them
This fixes the following warning:
-----
In /github/workspace/test/units/testsuite-62.sh line 39:
KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
^-----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.
Did you mean:
KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"
This is more consistent with the terminology used elsewhere. In
particular it is consistent with the name of the property exposed over
dbus for the link state.
So we can mitigate (to some degree) the reoccurring "dissect timeout"
issue:
```
Run sudo python3 -m mkosi boot systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console
Failed to dissect image '/home/runner/work/systemd/systemd/image.raw': Connection timed out
Error: Process completed with exit code 1.
```
