Commit graph

71196 commits

Author SHA1 Message Date
Mike Yuan 783e816e81
logind-dbus: rearrange functions 2024-02-21 15:50:13 +08:00
Mike Yuan d536e8b5e9
logind-session-dbus: drop unneeded unref_and_replace
If there's pending s->upgrade_message, we already return early
above.
2024-02-21 15:37:33 +08:00
Yu Watanabe 3c6d9d1c39
Merge pull request #31405 from yuwata/network-ndisc-reachable-time
network/ndisc: set neighbor reachable time
2024-02-21 14:29:01 +09:00
Mike Yuan e404ca3eb7
Merge pull request #31419 from AdrianVovk/fixup-largefile-define
Fixup largefile define
2024-02-21 13:12:30 +08:00
Yu Watanabe 9e39d0a32a
Merge pull request #31408 from mrc0mmand/verify-unit-files-v2
test: verify our own units (where applicable)
2024-02-21 12:01:48 +09:00
Luca Boccassi 5605b7d61a
Merge pull request #31400 from poettering/askpw-rework
Password Asking rework
2024-02-20 23:45:52 +00:00
Adrian Vovk e4d0606c2b
fd-util: Add helpers to check if FD flags are safe
Adds a SAFE_FD_FLAGS define to list out all the safe FD flags, and also
an UNSAFE_FD_FLAGS() macro to strip out the safe flags and leave only
the unsafe flags. This can be used to quickly check if any unsafe flags
are set and print them for diagnostic purposes
2024-02-20 15:01:37 -05:00
Adrian Vovk 9e3db91f2f
missing_fcntl: Fix RAW_O_LARGEFILE
This value is actually arch-specific, so this commit defines it for all
the arches that set it to some custom value

Fixes https://github.com/systemd/systemd/issues/31417
2024-02-20 15:01:36 -05:00
Zbigniew Jędrzejewski-Szmek 0615abef62 analyze: always recommend saving the output to a file
The command will refuse to write to a TTY, so give a strong hint
that redirecting to a file is recommended. This makes the synopsis,
man page text, and --help output consistent.

Also drop the space after the redirection operator everywhere.
2024-02-20 19:35:58 +00:00
Lennart Poettering b2ac928088 cryptsetup: drop "headless" bool, make it a flag in AskPasswordFlags instead
This bool controls whether we should interactively ask for a password,
which is pretty much what the ask_password-api.c APIs are about. Hence,
just make the bool a flag in AskPasswordFlags enum, and use it
everywhere.

This still catches the flag early in upper levels of the codebase,
exactly as before, but if the flag is still present in the lower layers
it's also handled there and results in ENOEXEC if seen.

This is mostly an exercise in simplifying our ridiculously long
function call parameter lists a bit.
2024-02-20 16:50:04 +01:00
Lennart Poettering 732285eb8c man: tweak cryptsetup credentials docs a bit
Let's bring the credentials into a better order, in order of relevance.

Also, let's clarify what the generic LUKS PIN is about.

Finally, list the credentials in system-credentials(7) too, after all
people might want to unlock a disk with this via SMBIOS Type 11 or so.
2024-02-20 16:50:00 +01:00
Lennart Poettering 0fceb5539d man: now that the credentials used by systemd-cryptenroll are in order, document them
Replaces: #31370
2024-02-20 16:50:00 +01:00
Lennart Poettering 1c12daa46f cryptsetup-pkcs11: also plug credential name to use to credential plugin 2024-02-20 16:50:00 +01:00
Lennart Poettering b3a635841a cryptenroll,cryptsetup: clean up unlock credential for TPM2 + FIDO2
Let's make sure that when cryptenroll asks for the TPM2 or FIDO2 token
PIN it uses cryptenroll.* credential namespace, and cryptsetup uses
cryptsetup.*.
2024-02-20 16:50:00 +01:00
Lennart Poettering a96c284f10 pkcs11-util: clean up credential handling for PKCS11 PIN
Similar to the previous commit, let's clean up the credential name we
use. Use home.token-pin in case of homectl, and cryptenroll.pkcs11-pin
in case of cryptenroll.
2024-02-20 16:50:00 +01:00
Lennart Poettering 7252be6083 cryptenroll: use a different credential for new PIN
The TPM2 enrollment is the only of the three token enrollments where the
user picks a PIN at enrollment time (the others have a PIN set for the
token, not for the enrollment). Let's make sure it uses a different
credential for retrieving this PIN, in order to make sure people can
programmatically change PINs via credentials (in which case they need to
supply both).
2024-02-20 16:50:00 +01:00
Lennart Poettering 251c71b62b libfido2: tweak credential to read fido2 PIN from
Querying a fido2 PIN via askpw for enrolling is currently used in two
places: cryptenroll and homectl. So far we sloppily used the same fixed
credential name "fido2-pin" in both cases. Let's tweak that and make the
credential name match the other credentials cryptenroll or home query,
i.e. using the cryptenroll.* and home.* namespaces.

This is in particular done in light of #31370, which wants to make the
credential name public. We really should get the name in order before
making it public.
2024-02-20 16:50:00 +01:00
Lennart Poettering 09eed3bf8c pcrlock: normalize credential name for TPM2 PIN
Let's drop the "systemd-" prefix from the credential name. We do not
prefix credentials that way so far. Don't do so here either.

The name is not really API, it's not documented, hence change it now
where we still can.
2024-02-20 16:50:00 +01:00
Lennart Poettering 6278a8655f cryptenroll: use correct askpw id for pw request
The "id" is used in the askpw protocol to recognize password prompts, in
case a service is replying to them and needs some id. Previously we set
an incorrect id, the one of cryptsetup. Fix that.

(I guess the id is not used much, it comes from a time where we had no
credentials, and thus some people wanted to supply passphrases
programmatically rather than interactively. The use case is probably gone, but
we should still set some valid id I guess.)
2024-02-20 16:50:00 +01:00
Lennart Poettering 6b3a907764 dissect-image: use strv_free_erase() at one more place 2024-02-20 16:50:00 +01:00
Lennart Poettering 05569104bd cryptenroll: fix type confusion on acquire_tpm2_key() parameter 2024-02-20 16:50:00 +01:00
Lennart Poettering d08fd4c314 ask-password: rework how we pass request meta info when asking passwords
Rather than adding more and more parameters to ask_password_auto(), let's
pass a structure of the fields that often are constant anyway.

This way, callers can fill in what they need, and we take the filled
structure which we can pass around internally as one.

This is in particular preparation for adding one more field in one of
the next commits.
2024-02-20 16:50:00 +01:00
Mike Yuan 8e94bb62a5 core/mount: if umount(8) fails but mount disappeared, assume success
Fixes #31337
2024-02-20 16:22:27 +01:00
Frantisek Sumsal 5083e42765 test: verify our own units (where applicable)
This is inspired by one of our internal tests that does pretty much the
same thing. However, it is slightly more convoluted than I'd like it to
be, since I really don't want to duplicate the list of our units in
another place, so we need to, somehow, pass the list from the meson file
to the test script. I originally envisioned this to be a part of the
unit test suite, but this doesn't work for unit files with absolute
paths to binaries, as we'd have to install the build first (maybe using
a chroot would work?).

It doesn't check man pages (since they might not be installed on the
test machine) and also skip recursive dependencies (as that would trip
over issues in files that are not under our direct control), but it
should still cover typos and such.

There are currently two units for which the check had to be disabled -
syslog.socket, as the corresponding syslog.service might not be
installed, and rc-local.service as that's a compat API and the necessary
/etc/rc.d/rc.local file may not (and most likely won't be) present.
2024-02-20 15:45:50 +01:00
Zmyeir 8a461c572b hwdb: Add support for MetawillBook01 to 60-sensor.hwdb
Add accel orientation quirk for the METAPHYUNI MetawillBook01 2-in-1 laptop
2024-02-20 15:10:47 +01:00
MrSmör 8b6cfbd2b8 boot: padding for default arrow at too long lines
If the default boot entry name doesn't leave enough space for the
indicator arrow, it overwrote the first two characters of the entry

Now every line will always have enough padding.
2024-02-20 14:36:52 +01:00
Frantisek Sumsal 3e7b1b5cb9 test: fix mixed indent 2024-02-20 13:31:00 +01:00
Frantisek Sumsal a69ec6fb02 test: support TEST_MATCH_* stuff in TEST-23-UNIT-FILE as well
TEST-23 uses run_subtests_with_signals() which I forgot about when
introducing the change.

Follow-up for 0efa27bd4b.
2024-02-20 13:31:00 +01:00
Luca Boccassi ce3fa3863d
Merge pull request #31388 from keszybz/bitfield-cleanup
Bitfield cleanup
2024-02-20 12:15:24 +00:00
Yu Watanabe 142f0e9517 analyze: skip to check ExecCommand for .mount and .swap units
They are not set by a unit file, but dynamically generated.

Fixes a bug caused by abf0ccc1c6.

Fixes #31396.
2024-02-20 11:59:10 +00:00
Zbigniew Jędrzejewski-Szmek 6169bb19a9 logind: drop bitfield annotations
As in other cases, this is simpler but better.

pahole:
-	/* size: 336, cachelines: 6, members: 50 */
-	/* sum members: 316, holes: 4, sum holes: 19 */
-	/* sum bitfield members: 4 bits, bit holes: 1, sum bit holes: 4 bits */
-	/* last cacheline: 16 bytes */
+	/* size: 328, cachelines: 6, members: 50 */
+	/* sum members: 320, holes: 3, sum holes: 8 */
+	/* last cacheline: 8 bytes */
2024-02-20 10:42:36 +01:00
Zbigniew Jędrzejewski-Szmek d53017292e timesyncd: reorder structs instead of useless bitfields
Because of alignment, those bitfields were not doing anything useful,
and were causing the generated code to be more complicated. But in this
case, at least potentially there might be a number of copies of those
structs (if we have a bunch of time servers configured), so let's actually
implement the intended space savings by reordering the fields to reduce the
size of holes.
2024-02-20 10:41:09 +01:00
Zbigniew Jędrzejewski-Szmek 611a6d15cb systemctl: drop pointless bitfield 2024-02-20 10:41:09 +01:00
Zbigniew Jędrzejewski-Szmek 6e2be1d97a sysupdate: drop pointless bitfields
Again, even without considering how many copies of the struct there
can be, this bitfield is useless because of alignment.
2024-02-20 10:41:09 +01:00
Zbigniew Jędrzejewski-Szmek 0a35e7f6be core/kmod-setup: drop another pointless bitfield annotation
We have two bools followed by a func pointer, which is aligned to e.g. 8 bytes,
so whether the two bools take one bit, one byte, or even a full word, makes no
difference in storage size. But the code generated to service a bitfield is
more complicated.

Also switch to FOREACH_ARRAY().
2024-02-20 10:40:59 +01:00
Yu Watanabe 1452d49741 network/ndisc: set IPv6 neighbor reachable time
Closes #31402.
2024-02-20 15:31:39 +09:00
Yu Watanabe a68f007a23 sd-ndisc: introduce sd_ndisc_router_get_reachable_time() 2024-02-20 15:31:39 +09:00
Yu Watanabe ffef01acdd network/ndisc: ignore most fields of RA header when lifetime is zero 2024-02-20 15:31:39 +09:00
Yu Watanabe 479d3e1994 network/ndisc: drop configurations when received RA with zero lifetime 2024-02-20 15:31:39 +09:00
Yu Watanabe 828b5dbf2f sd-ndisc: allow to call sd_ndisc_router_get_lifetime() with NULL for 'ret' 2024-02-20 15:31:39 +09:00
Yu Watanabe 787e71e432 sd-ndisc: introduce sd_ndisc_is_running() 2024-02-20 15:30:49 +09:00
Yu Watanabe ca34b43481 sd-ndisc: split sd-ndisc.h into small pieces 2024-02-20 15:30:49 +09:00
runiq 793166aea5 udev: String substitutions can be done in ENV, too
Precedence for example in ac63c8df30/rules.d/99-systemd.rules.in (L75).

Add ENV to the list of keys where string substitutions can be used.

While I'm at it, also sort the list in that paragraph alphabetically.
2024-02-20 13:10:30 +09:00
Yu Watanabe 4b6d8de09c home: fix typo
Follow-up for 25c89b8977 and
a4d72746c7.
2024-02-20 09:25:30 +09:00
Yu Watanabe 5ad2874b24 vconsole-setup: fix typo
Follow-up for 190ff0d0a8.
2024-02-20 09:23:18 +09:00
Yu Watanabe c6c7c461a3 resolve: several follow-ups for resolving service via varlink
Follow-ups for e1634bb832.

- Allow to call the method without "name" and "type".
- Allow to specify SD_RESOLVE_NO_TXT and SD_RESOLVE_NO_ADDRESS.
- Allow to provide multiple services, and fix memory leak.
- Rearrange the return value format.
- Encode TXT field with octescape() to make the field match with the
  io.systemd.Resolve.Monitor interface.

Fixes #31371.
2024-02-19 22:13:07 +01:00
Antonio Alvarez Feijoo d0a0059c21 gpt-auto-generator: fix argument passed to parse_image_policy_argument
Otherwise:

```
Feb 19 16:35:34 localhost systemd-gpt-auto-generator[188]: Assertion 's' failed at src/shared/image-policy.c:656, function parse_image_policy_argument(). Aborting.
```

Fixes 06e78680e3
2024-02-19 19:24:25 +00:00
Luca Boccassi f927b872d6
Merge pull request #31351 from YHNdnzj/exit-status-no-executable
core/exec-invoke: record correct exit status when failed to locate executable
2024-02-19 19:17:31 +00:00
Daan De Meyer 5b54fe8d6d pkcs11-util: Explicitly initialize variable to avoid warning
Avoid the following warning on C9S by explicitly initializing
"object".

"""
[389/2801] Compiling C object src/shared/libsystemd-shared-256-devel.a.p/pkcs11-util.c.o
../src/src/shared/pkcs11-util.c: In function ‘pkcs11_token_find_private_key’:
../src/src/shared/pkcs11-util.c:983:21: warning: ‘object’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  983 |         *ret_object = object;
      |         ~~~~~~~~~~~~^~~~~~~~
"""
2024-02-19 18:37:36 +00:00
Lennart Poettering 33b9337130 cgroup: typo fix initial_restric_ifaces_link_fds → initial_restrict_ifaces_link_fds 2024-02-19 19:18:21 +01:00