Mention that by default, /home is managed by tmpfiles.d/home.conf, and
recommend that users run systemd-tmpfiles --dry-run --purge first to
see exactly what will be removed.
Let's keep the verb_lock_xyz() and verb_unlock_xyz() calls together, and
move event_log_reduce_to_safe_pcrs() which so far was in betwee them all
further down closer to where the function is actually used.
if we pass NULL boot_entry_token_ensure() will use its own default,
which is the same as what we passed so far explicitly, hence let's make
use of that.
The "service" field that one is supposed to pass to machine is supposed
to indicate the implementation of the client, not the service unit the
client runs in (which is typically even a scope unit, not a system
unit). Hence fix that, and make it closely match what systemd-nspawn
does.
Also, make sure the NUL byte iovec becomes an exported constant too.
This is better than the previous situation where this was a macro
resolving to a compount expression, since the lifetime of the expression
is limited to its invoking scope. By turning this into a proper variable
the lifetime becomes unbounded, which makes it easier to use in various
scenarios, such as "if" blocks.
When in FIDO2 mode with manual parameters, i.e. when not reading the
parameters off the LUKS2 header, the current behavior in regards to PIN,
UP and UV features is to default to v248 logic, where we use PIN + UP
when needed, and do not configure UV at all. Let's allow users to
configure those features in manual mode too.
When calling a method and the user hasn't provided any method call
parameters on the command line we expect them on stdin instead. This
might be confusing for people using varlinkctl for the first time, since
omitting the parameters will just throw you at a blinking cursor.
Let's be a bit more helpful, and show a friendly message when we are
connected to a TTY (i.e. run interactively).
In some recent PRs (e.g. #32628) I started to systematically name return
parameters that shall only be initialized on failure (because they carry
additional error meta information, such as the line/column number of
parse failures or so). Let's make this official in the coding style.
For putting together "varlinkctl call" command lines it's useful to
quickly enumerate all methods implemented by a service. Hence, let's add
a new "list-methods" which uses the introspection data of a service to
quickly list methods.
This is implemented as a special flavour of the "introspect" logic,
and just suppresses all output except for the method names.
let's make it easier to use the introspection functionality of
"varlinkctl": if no interface name is shown, display the introspection
data of all available interfaces. Moreover, allow that multiple
interfaces can be listed, in which case we enumerate them all.
This relieves the user from having to list interfaces first in order to
find the ones which to introspect.
The flag is fairly generic these days and just selects a slightly
stricter validation, with details depending on the selected dispatch
function. Hence, let's give it more precise name, in particular one that
mirrors the SD_JSON_RELAXED flag nicely (which does the opposite:
relaxes parsing)
This is preparation for making our Varlink API a public API. Since our
Varlink API is built on top of our JSON API we need to make that public
first (it's a nice API, but JSON APIs there are already enough, this is
purely about the Varlink angle).
I made most of the json.h APIs public, and just placed them in
sd-json.h. Sometimes I wasn't so sure however, since the underlying data
structures would have to be made public too. If in doubt I didn#t risk
it, and moved the relevant API to src/libsystemd/sd-json/json-util.h
instead (without any sd_* symbol prefixes).
This is mostly a giant search/replace patch.
The functions more or less do the same thing. Merge them.
This makes json_dispatch_path() the common resulting implementation. it
learnt:
1. Will reset the path to NULL if specified as null in JSON
2. Depending on the JSON_SAFE flag will insist on normalized path or not
With this the two implementations are identical, except for the
differences now toggable via JSON_SAFE flag
When we display passed credentials we show a brief safety level based on
how the credential is pass in: if it's backed by swappable memory we
give it a "weak" level. This check was so far done by checking if the
file is backed by ramfs. However, since
1155f44f48 we actually prefer tmpfs with
the new "noswap" option for this.
Hence, fix this, and explicitly look for "noswap" among the mount
options in case we detect tmpfs.
