Added in 6140be90ec
However, when O_PATH fds are encountered we'd have to go by
/proc/self/fd/ still, since the kernel people are reluctant
to make the new syscalls work with them
(https://lore.kernel.org/linux-fsdevel/20250206-steril-raumplanung-733224062432@brauner/)
Hence getxattrat() and listxattrat() are not employed.
While at it, remove the discrepancy between path being NULL
and empty - I don't grok the "security issue" claimed earlier,
but nowadays even the kernel treats the two as identical:
e896474fe4
These networks are not connections to upstream routers, but where we are
ourselves are the upstream router, hence it doesn't make too much sense
to require them to be up as default to determine if we are "online",
because they lead "in the wrong direction".
Also, disable DHCP lease persistency for these networks, since
container/VM/namespaces are generally shortlived, and typically have no
persistent identity. Moreover, the IP range we assign each VM/container
connection is just too small to permit persistency, as otherwise we'll
run out of leases way too quickly if VM/containers are restarted a bunch of
times with different MAC addresses (which I ran into).
I think these are better defaults, but of course these are only
defaults.
Update po-file based on latest generated from source
Update systemd.bg.catalog.in based on latest in source
Signed-off-by: Alexander Shopov <ash@kambanaria.org>
This adds `--json=MODE` command line option to `udevadm test`.
This may be useful for parsing e.g. network interface name or device
node symlinks.
Closes#23661.
Follow-up for 97318131fd.
By default, suite of each built test is determined by the directory of
the source file. Hence, before the mentioned commit, all tests in
src/boot/efi/ are in the 'efi' suite. The commit changed the directory
tree, but forgot to update the name of the test suite.
Add a build parameter to take an existing UKI and attach a .pcrsig
section
to it. This allows one to create a UKI with a .pcrpkey section with
--policy-digest to get the json output from sd-measure, sign the digest
offline, and attach the .pcrsig section with the signature later.
This adds --json=MODE option for 'udevadm test' command.
When specified, all messages, except for the final result, will be
written to stderr, and the final result is shown in JSON format to
stdout. It may be useful for parsing the test result.
pefile has an hardcoded limit to 256MB per section:
https://github.com/erocarrera/pefile/issues/396
When building an initrd with large firmware files and
lots of kernel modules, this limit can be reached.
Skip over those warnings.
Add a build parameter to take an existing UKI and attach a .pcrsig section
to it. This allows one to create a UKI with a .pcrpkey section with
--policy-digest to get the json output from sd-measure, sign the digest
offline, and attach the .pcrsig section with the signature later.
The rpm 4.20 release introduces the following downstream
change in /usr/lib/rpm/macros:
```
%buildroot %{_builddir}/%{NAME}-%{VERSION}-build/BUILDROOT
```
This definition is broken as rpm internally does the following
since 4.20 to calculate the buildroot:
```
char *bn = rpmExpand("%{NAME}-%{VERSION}-build", NULL);
/* Tilde and caret in paths are evil, convert to underscores */
for (char *t = bn; *t; t++) {
if (*t == '^' || *t == '~')
*t = '_';
}
```
This has broken our upstream opensuse CI builds in systemd as
we do the following to fetch the list of unpackaged files by the rpm build:
```
rpmbuild
...
--define "__check_files sh -c '$(rpm --define "_topdir /var/tmp" --eval %__check_files) | tee /tmp/unpackaged-files'"
...
```
which stopped working because the check files script tries
to look for unpackaged files in the "/var/tmp/BUILD/systemd-258~devel-build/BUILDROOT"
directory (%buildroot) whereas it should be looking in "/var/tmp/BUILD/systemd-258_devel-build/BUILDROOT".
Let's remove the %buildroot compat definition until the bug is
addressed in opensuse tumbleweed.
Some bind mounts, e.g. /tmp bind mount when PrivateTmp=disconnected,
must be explicitly relabeled because now it would have incorrect SELinux
label. /tmp is expected to have well-known SELinux label, tmp_t. Now it
has label inherited from the source directory of the bind mount.
Change was requested in response on #36297.
The reason for that change is that XBox Series Elite controller has
exact 4 buttons identified as keyboard key sets.
While it detects using USB connection without any issues, wireless
connection ends with assumption that it's a keyboard.
Let's derive XKBLAYOUT and friends from the given keymap and populate
these as well in vconsole.conf so that if the user configures a keymap
it's also respected in display managers such as gdm.
Let's derive XKBLAYOUT and friends from the given keymap and populate
these as well in vconsole.conf so that if the user configures a keymap
it's also respected in display managers such as gdm.
