mirror of https://github.com/systemd/systemd synced 2024-07-01 07:34:28 +00:00
Lennart Poettering 48d67957d5 creds-util: add a concept of "user-scoped" credentials
So far credentials are a concept for system services only: to encrypt or
decrypt a credential you must be privileged, as only then you can access
the TPM and the host key.

Let's break this up a bit: let's add "user-scoped" credentials, that
are specific to users. Internally this works by adding another step to
the acquisition of the symmetric encryption key for the credential: if a
"user-scoped" credential is used we'll generate a symmetric encryption
key K as usual, but then we'll use it to calculate

    K' = HMAC(K, flags || uid || machine-id || username)

and then use the resulting K' as encryption key instead. This basically
includes the (public) user's identity in the encryption key, ensuring
that only if the right user credentials are specified the correct key
can be acquired.
2024-01-30 17:07:47 +01:00
.clusterfuzzlite ci: unpin CFLite 2022-04-26 09:13:57 +00:00
.github CI: set TZ= in a unit test run to ensure tests don't break 2024-01-26 00:25:04 +00:00
.semaphore test: use 'until' instead of 'while !' 2023-09-06 19:54:29 +01:00
catalog portable: log structured message when attach/detach succeeds 2024-01-19 17:03:04 +01:00
coccinelle cocci: merge mfree.cocci and mfree_return.cocci (#30838) 2024-01-09 12:24:37 +09:00
docs core: add SYSTEMD_VERITY_SHARING env var for local development 2024-01-26 10:14:15 +00:00
factory man: don't suggest using pam_unix.so's use_authtok switch 2024-01-17 23:59:05 +00:00
hwdb.d hwdb: ieee1394-unit-function: adjustment of entries with device attributes available in Linux v6.8 2024-01-24 19:37:09 +09:00
LICENSES LICENSES/README.md: fix syntax 2023-07-08 22:33:53 +00:00
man man/systemd-notify: don't say "the latter" if more than 2 options 2024-01-30 03:27:36 +08:00
mime creds-util: add a concept of "user-scoped" credentials 2024-01-30 17:07:47 +01:00
mkosi.conf.d Update to mkosi v19 2023-11-28 19:54:58 +01:00
mkosi.images mkosi: Use --auto-features=enabled for meson 2024-01-26 00:12:57 +01:00
modprobe.d modprobe: set 'ifb numifbs=0' to avoid autocreating ifb0 2024-01-12 23:24:54 +00:00
network network: fix 6rd tunnel link section name 2024-01-12 21:42:04 +00:00
po po: Translated using Weblate (Indonesian) 2024-01-22 10:15:22 +01:00
presets preset: add some alphabetical sorting 2024-01-23 19:57:23 +00:00
rules.d Fix systemd-backlight ignoring numbered kbd_backlight entries 2024-01-22 22:03:35 +00:00
shell-completion nspawn: optionally tint the background color of a container 2024-01-23 16:45:37 +01:00
src creds-util: add a concept of "user-scoped" credentials 2024-01-30 17:07:47 +01:00
sysctl.d sysctl.d: Fix pid_max comment 2023-10-31 13:07:49 +01:00
sysusers.d Revert "sysusers.d: create the user for systemd-journal-upload.service" 2023-12-04 19:44:10 +01:00
test test: use lstat() instead of stat(follow_symlinks=False) 2024-01-26 21:13:28 +00:00
tmpfiles.d ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets 2024-01-11 16:05:20 +01:00
tools man: suffix signals with () 2024-01-23 16:27:50 +01:00
units units: Order pcrlock services after systemd-remounts-fs.service 2024-01-26 21:15:59 +00:00
xorg xorg/50-systemd-user: add a full license header 2021-10-01 14:45:00 +02:00
.clang-format clang-format: Adjust style of pointers 2022-05-30 04:00:54 +09:00
.ctags editors: Prevent ctags from following symlinks 2019-02-15 11:01:20 -08:00
.dir-locals.el scripts: use 4 space indentation 2019-04-12 08:30:31 +02:00
.editorconfig editorconfig: add NEWS whitespace configuration 2023-10-26 22:41:03 +01:00
.gitattributes Mark all base64 files as generated 2023-08-16 12:49:45 +02:00
.gitignore Update to mkosi v19 2023-11-28 19:54:58 +01:00
.mailmap mailmap: "reduce contributor count by 13" 2023-08-16 12:49:42 +02:00
.packit.yml packit: add a libarchive runtime dependency too 2024-01-26 16:10:00 +01:00
.pylintrc Add .pylintrc to globally suppress warnings we don't really care about 2023-08-10 18:13:29 +02:00
.vimrc vimrc: explicitly set shiftwidth for the C file type 2023-09-18 13:11:45 +02:00
.ycm_extra_conf.py ycm: add doc string for all the functions in configuration file 2017-11-29 13:21:49 -07:00
configure configure: update meson invocation 2023-07-29 14:08:06 +02:00
LICENSE.GPL2 relicense to LGPLv2.1 (with exceptions) 2012-04-12 00:24:39 +02:00
LICENSE.LGPL2.1 licence: remove references to old FSF address 2012-12-17 11:41:31 +01:00
Makefile tree-wide: add spdx header on all scripts and helpers 2021-01-28 09:55:35 +01:00
meson_options.txt dissect: add --make-archive option to convert DDI to tarball 2024-01-25 18:47:39 +01:00
meson.build dissect: add --make-archive option to convert DDI to tarball 2024-01-25 18:47:39 +01:00
mkosi.conf mkosi: Build a directory image by default 2024-01-12 16:19:48 +01:00
mkosi.kernel.config mkosi: Don't disable CONFIG_USB 2023-09-06 12:58:30 +02:00
NEWS networkd: support proxy_arp_pvlan sysctl 2023-12-24 03:40:03 +09:00
README Remove a few references to dracut 2024-01-24 17:54:38 +01:00
README.md README.md: irc:// URLs are not rendered as links by markdown on Github 2023-12-06 22:23:16 +01:00
TODO update TODO 2024-01-29 14:43:22 +01:00

Systemd

System and Service Manager

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel.

Stable branches with backported patches are available in the stable repo.