[pull] main from systemd:main #236
Open
+932,790
−437,350
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
github-actions
bot
added
documentation
pull
bot
added
⤵️ pull
and removed
documentation
github-actions
bot
added
documentation
No functional change, just refactoring.
Now our kernel baseline is 5.4, hence we can always write action string with a synthetic UUID.
Then, this makes sd_device_trigger() a simple wrapper of sd_device_trigger_with_uuid().
Expose /sys/class/dmi/id/chassis_asset_tag in varlink/dbus commonly used by companies to track inventory such as laptops. On desktops and other products the `chassis_asset_tag` can contain rubbish similar to product_name/product_vendor. Closes: #36442
In relevant factory reset situation the root disk itself is subject to removal. This somewhat conflicts with automatic root disk discovery, since the system first comes up with one candidate for the root disk, which is then replaced by another. Let's address this by determining at the moment of probing for the gpt-root logic what the factory reset state currently is. This is then used to maintain two distinct symlinks to the gpt auto root device: one which is always available and one that is only available if factory reset is off or complete. The new symlinks is not used by anything yet. This will be added in a later commit.
When services start up they might query for passwords, or issue polkit
requests. Hence it makese sense to run the password query agent and
polkit agent from systemd-run. We already ran the polkit agent, this
also ensures we run the password query agent.
There's one tweak to the story though: running the agents and the pty
forwarder concurrently is messy, since they both try to read from stdin
(one potentially, the other definitely). Hence, let's time the agents
properly: invoke them when we initialize, but stop them once the start
job for the unit we are supposed to run is complete, and only then run
the pty forwarder.
With this in place, the following series of commands starts to work
really nicely (which previously deadlocked):
# homectl create foobar
# run0 -u foobar
What happens in the background in run0 is this: a new session is invoked
for "foobar", which pulls in the [email protected] instance for the user.
That [email protected] instance will need to unlock the homedir first. Since
8af1b29 this will happen via the askpw
logic. With this commit here this prompt will now be shown by run0. Once
the password is entered the directory is unlocked and the real session
begins. Nice!
This new behaviour is conditioned behind --pty-late (distinct from the
existing --pty switches). For systemd-run we will never enable this mode
by default, for compat with command lines that use ExecStartPre=
(because we won't process the pty anymore during that command) For
run0 however this changes the default to --pty-late (unless
--no-ask-password is specified). This reflects the fact that run0 is
more of an interctive tool and unlikely to be used in more complex
service start-up situations with ExecStartPre= and suchlike.
This also merges JobDoneContext into RunContext, since it doesn't really
make sense to have two contexts around to communicate between outer
stack frame and event handlers. Let's just have one, and pass it around
to all handlers the same way. In particular as we should delay exit only
until both the unit's job is complete *and* in case of --wait the unit
is exited, one of the two should not suffice.
Otherwise, if the system is busy, TEST-02-UNITTESTS will fail as systemd will time out trying to kill the transient unit that we're running test-async in.
Follow-up for 31ec0d8.
Follow-up for 8378495.
… add support for resetting TPM as part of factory reset (#36512)
If all transfer definitions are features and disabled, a wrong error is reported that there are no transfer definitions. This breaks the features and vaccum verb, as they work on disabled features, too.
Follow-up for 41d9ed9.
Follow-up for 73e53d2.
We have dnf5 on Fedora, no need to install dnf there anymore
* 4ab2a9e539 Drop old self-Obsoletes and provides * ec182495e7 Drop libbpf versioned dependency version to 1.4.7 * 1f8d2b0ebd Make self-obsoletes for the sysusers split conditional * 0d95af264f Include epoch in versioned libbpf dependency * 8230f501b6 Make sure we pull in libbpf >= 1.5.0 if libbpf is installed
* dfdab6b205 Install new files * e00bee5b4a Install new files
This new helper patches a provide image policy, setting the policy for specified designators to "ignore". This is useful for contexts where we only want to mount some subset of the available partitions, and hence don't care about the parts of the policy that cover the others. Specifically this is useful in systemd-gpt-auto-generator, which runs at a moment the root file system is already established, and hence the policy for the root file system can be ignored, the facts are already established.
The partition enumeration only runs on the main system, and we test that early, hence no point in repeating this in functions further down the call chain. But let's keep it in place as assert()s, just in case. Also, move the top-level in_initrd() into add_mounts(), so that the tests are nicely encapsulated in the code they protect.
…/ fs At the moment the gpt-auto generator does its things we already transitioned into the host OS, i.e. the root fs and /usr/ are mounted. Hence suppress image policy checks for those two partitions. This actually matters, because the root hash/usr hash is taken into consideration for the image policy checks, but we don't have that in gpt-auto and hence would refuse operation claiming policy conflicts event though we never actually operate on the root fs via the dissection logic.
…--mutable= is on This way we can make an immutable OS mutable, without any extensions or so. Fixes: #34445
Let's make sure we can define a proper image policy on ParticleOS images.
This is how sysupdate marks empty partitions, hence ignore that. Kinda a follow-up for 54ae0ed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )