Implement serialization/deserialization for DNR servers. This re-uses
the string format in place for user configuration of DoT servers, and as
a consequence non-DoT servers are discarded when recording the link
configuration, for correctness.
This also enables sd-resolved to use these servers as it would other DNS
servers.
This option will control the use of DNR for choosing DNS servers on the
link. Defaults to the value of UseDNS so that in most cases they will be
toggled together.
This option is another way for DHCP servers to indicate preferred DNS
servers for the network, but includes more detailed info like the server
name, transport (DoT/DoH/DoQ etc.), and port.
Allow our DHCPv4 client to parse this option.
This type will be used to represent a "designated resolver", and the
necessary info for communicating with it. Beyond and address endpoint,
we may need to know the dns transport, authenticated domain name, DoH
path, etc.
Update frameworks that work automatically in the background
occasionally need to schedule reboots. Systemd-logind already
provides a nice mechanism to schedule shutdowns, send notfications
and block logins short before the time. Systemd has a framework for
calendar events, so we may conveniently use logind to define a
maintenance time for reboots.
The existing ScheduleShutdown DBus method in logind expects a usec_t
with an absolute time. Passing USEC_INFINITY as magic value now tells
logind to take the time from the configured maintenance time if set.
"shutdown -r" leverages that and uses the maintenance time
automatically if configured. The one minute default is still used if
nothing was specified.
Similarly the new 'auto' setting for the --when parameter of systemctl
uses the maintenance time if configured or a one minute timer like the
shutdown command.
systemd-cryptsetup supports a FIDO2 mode with manual parameters, where
the user provides all the information necessary for recreating the
secret, such as: credential ID, relaying party ID and the salt. This
feature works great for implementing 2FA schemes, where the salt file
is for example a secret unsealed from the TPM or some other source.
While the unlocking part is quite straightforward to set up, enrolling
such a keyslot - not so easy. There is no clearly documented
way on how to set this up and online resources are scarce on this topic
too. By implementing a straightforward way to enroll such a keyslot
directly from systemd-cryptenroll we streamline the enrollment process
and reduce chances for user error when doing such things manually.
This is mostly intended as test case for the early enum comment bugfix,
as this Varlink IDL description now contains such comments, and
test-varlink-idl will process it forth and back aleady.
This normalizes how we report an empty list of boot entries in
ListBootEntries(). Our usual pattern is to return one item per method
call, but when there is none we usually return a NoSuchXYZ error. Do so
here too.
Before this we'd return a null item instead here, and only here.
This is a minor compat break, but given that this IPC interface is very
new and probably not used so far (we don't use it in our code at least,
and google doesn#t find any other use) I think this normalization is OK
at this point.
And drop spurious assertion.
Fortunately, the previous logic worked, as /run/systemd/unit-private-tmp
is ordered earlier than /tmp or /var/tmp. But, let's ensure the tmpfs
mounted earlier to make the logic clearer.
Follow-up for 0e551b04ef.
In 99% of uses of sd_json_build() we want to build an object as
outermost construct. Let's shorten this most common case a bit, by
adding sd_json_buildo() that implies this. This allows us to shorten
much of our code, all across the tree.
Even though we don't export json_log() in the public API, let's
officially make the SD_JSON_WARNING/SD_JSON_DEBUG that control its
effect in the public API.
After all, for our own dispatcher functions they have a nice effect, and
they are trivially reimplemented in user code independently.
(We might eventually consider exporting json_log() as public API, but
this is quite involved, given its use of macros/inline functions and
iternal logging API).
This mostly just swaps around the bit flags and cleans up comments.
Currently, install_info_apply() only updates r if it's 0,
meaning that if one of the earlier install_info_symlink_alias/wants()
calls returns > 0, errors generated by later calls will be discarded.
Fix that.
This also
- merges basic/linux and shared/linux,
- moves BPF_JUMP_A() to basic/missing_bpf.h,
- copies from usrspace kernel headers directory generated by 'make headers',
rather than copying from kernel tree,
- copies const.h into our tree to reduce change in ethtool.h,
- copies auto_fs.h into our tree to reduce change in auto_dev-ioctl.h.
