gcrypt is used only for journal sealing operations in libsystemd, so it
can be made into a dlopen dependency that is used only on demand. This
allows to reduce the footprint of libsystemd in the most common cases.
Keep systemd-pull and systemd-resolved with normal linking, as they are
executables, and usually built with OpenSSL support anyway.
Also, use the more correct type of 'const char* const*' for the input strv.
This requires adding the cast in a few places, but also allows to remove some
casts in others.
Follow-up for 26d98cdd78
I.e. stat() cannot be used here.
Also, before this commit, the 'X' is only applied if
the owner has execute bit set. Now it takes group and
other into consideration too. setfacl(1) also has
the same behavior.
let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, know we have a knob to turn this off in
certain scenarios.
The idea is simple: skip the final operation that creates or removes things
or changes the attributes, but otherwise go through the rest of the code.
This results in quite a lot of fairly repetitive conditions in the low-level
code. Another approach would be to print earlier, at a higher level, but then
we'd have less precise information about what is about to happen.
... i.e. apply nested config (exclusions and such) when executing R and D.
This fixes a long-standing RFE. The existing logic seems to have been an
accident of implementation. After all, if somebody specifies a config with
'R /foo; x /tmp/bar', then probably the goal is to remove stuff from under /foo,
but keep /tmp/bar. If they just wanted to nuke everything, then would not specify
the second item.
This also makes R and D use O_NOATIME, i.e. the access times of the directories
that are accessed will not be changed by the cleanup.
Obviously, we'll have to add this to NEWS and such.
Looking at the whole tmpfiles.d config in Fedora, this change has no effect.
The test cases are adjusted as appropriate. I also added another test case for
'R'/'D' with a file, just to test this code path more.
Replaces #20641.
Fixes#1633.
One of the three must always be specified, but they buried in a long list of
options in the output of --help. Make them more visible to draw the eye.
Also, drop "marked" from the description. It's supposed to mean "configured",
but it's a strange way to say that, and also it's generally obvious that the
program does what its configuration tells it to, and it's not going to remove
all files found on the system.
a3451c2c4c added offline uid/gid support in a way
where the <root>/etc/passwd and <root>/etc/group would be read anew for each
configuration file that was parsed. The result would always be the same, so I
assume that this was an oversight. Let's use a global cache and and read the
file just once.
I was trying to run sysusers --replace, but the input file didn't have the right
suffix, and the message was very confusing. Let's split the message in two to
make it clearer that we care about the extension.
When using the `--image` or `-E` options, `arg_exclude_prefixes` is extended via
the `exclude_default_prefixes` function, which calls `strv_extend_strv`, adding
values using `strdup` that must be freed on exit.
Also changing `arg_include_prefixes` to use the same model, although there is no
leak here.
Add EINVAL to the list of ignored errnos, since acl_from_text() returns
EINVAL if it can't translate the given string.
~# cat /tmp/tmpfiles-test.conf
a+ /tmp/foo - - - - default:group:foo:rwx
~# build/systemd-tmpfiles /tmp/tmpfiles-test.conf --create --graceful
Failed to parse ACL "default:group:foo:rwx", ignoring: Invalid argument
Resolves: #29742
This is like --cat-config, but omits the comments and empty lines.
The name is incoungrous with --cat-config, but I don't see a nice way to
call it that wouldn't be annoyingly long.
pager_open() is moved to cat_config() to remove some lines from run().
"static inline" makes sense in .h files. But in .c files it's useless
decoration, the compiler should just make its own decisions there, and
it can do that.
hence, replace all remaining uses of "static line" by a simple" static"
in all .c files (but keep them in .h files, where they make sense)
The subvolumes set is a set of source inodes similar to how the
denylist hashmap contains source inodes as keys. It indicates
directories in the source tree that should become subvolumes in
the target tree.
Given that ERRNO_IS_NOT_SUPPORTED() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the arguments passed to ERRNO_IS_NOT_SUPPORTED() are the
values returned by btrfs_subvol_make_fd() which is not expected to
return any positive values, but let's be consistent anyway and move
ERRNO_IS_NOT_SUPPORTED() invocations to the branches where
the return values are known to be negative.
