morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity
84,008 Commits 1 Branch 0 Tags
e921d6d40fda2e4aa2d77b4659e01e8ff7de7a92
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Lennart Poettering e921d6d40f creds: add explicit control on whether to allow null key decryption 
The ability to encrypt/authenticate encryption with a null key was
originally just a fallback concept for cases where during early boot we
have no host key, but the local system has no TPM2. Nowadays it is used
for other stuff as well, such as pcrlock data propagation (i.e. data
that needs no protection itself and required to properly to TPM key
derivation).

Let's give better, explicit control over null key usage, i.e. let's make
it a tristate both on the systemd-creds command line and in the Varlink
IPC to control three cases:

- the default that we allow it only if SecureBoot is off
- explicitly allowed
- explicitly refused (this is new)

Ideally systemd-creds --allow-null switch would take a boolean argument
to control this as a tristate. Alas, that would be a compat break, hence
I added --refuse-null instead (which also maps to the low-level flag for
this).

This also normalizes that the null key is always called "null key" in
messages, and not sometimes "empty key" or "fallback key".
2025-10-08 09:18:28 +02:00
.clusterfuzzlite
.github
copilot: Tell the AI to be thorough
2025-10-06 20:06:03 +09:00
.obs
ci: stop triggering suse-specific package build on OBS
2025-08-08 18:46:07 +01:00
.semaphore
semaphore-runner: disable cgroup setup in lxc
2025-03-16 15:30:38 +01:00
catalog
meson: using f-strings in meson
2025-10-03 21:21:52 +02:00
coccinelle
tree-wide: use sd_bus_message_send() instead of sd_bus_send() wherever possible
2025-06-24 23:23:40 +09:00
docs
docs: Mention newline requirement for multi-line function decl
2025-10-06 20:06:03 +09:00
factory
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
hwdb.d
hwdb: fix calibrate rotation sensor for Positivo K116J (#39189)
2025-10-02 22:50:04 +09:00
LICENSES
licensing: update address of FSF
2025-10-07 13:00:12 +01:00
man
creds: add explicit control on whether to allow null key decryption
2025-10-08 09:18:28 +02:00
mime
mime: add mimetype for luks home dir
2025-03-07 17:27:20 +01:00
mkosi
mkosi: update debian commit reference to e50fce1d4b2a9f1bb990027de8e86603f3b42301
2025-10-05 22:11:40 +01:00
modprobe.d
network
network/dhcp-server: improvements for saving/loading leases (#37835)
2025-06-17 14:31:22 +02:00
po
po: Translated using Weblate (Turkish)
2025-10-04 22:39:07 +02:00
presets
presets: Disable by default for initrd presets
2025-07-04 16:22:27 +01:00
profile.d
osc-context: fix typo: 8003 -> 3008
2025-09-26 05:42:04 +09:00
rules.d
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
shell-completion
bash-completion: update systemd-sysext, systemd-confext
2025-09-26 20:20:49 +02:00
src
creds: add explicit control on whether to allow null key decryption
2025-10-08 09:18:28 +02:00
sysctl.d
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
sysusers.d
meson: drop explicit custom_target names
2025-06-28 17:14:50 +02:00
test
creds: add explicit control on whether to allow null key decryption
2025-10-08 09:18:28 +02:00
tmpfiles.d
fsck,quotacheck: drop support for traditional /forcefsck, /fastboot, and /forcequotacheck files
2025-07-16 05:47:38 +09:00
tools
Stop specifying license for generated file, instead mark as generated
2025-10-04 18:13:27 +02:00
units
meson: drop remaining target names
2025-10-04 18:13:27 +02:00
xorg
.clang-format
clang-format: Add include sorting directives
2025-04-30 09:30:33 +02:00
.clang-tidy
clang-tidy: enable bugprone-argument-comment check
2025-06-04 15:50:00 +02:00
.clangd
clangd: Enable UnusedIncludes feature again
2025-05-24 20:57:05 +02:00
.ctags
.dir-locals.el
.editorconfig
chore: fix editorconfig pattern and add setting for zsh
2025-05-30 14:53:45 +09:00
.gitattributes
.gitignore
mkosi: update mkosi commit reference to 7e4ec15aee6b98300b2ee14265bc647a716a9f8a
2025-04-10 02:51:37 +09:00
.mailmap
mailmap: deduplicate Daan
2025-09-17 12:08:03 +02:00
.packit.yml
mkosi: update fedora commit reference to 7de88c66bdc26920db570e67ef74e579f8461d9c
2025-06-16 18:54:08 +01:00
.pylintrc
.vimrc
.ycm_extra_conf.py
tools: consistently use #!/usr/bin/env python3
2025-07-25 12:33:13 +02:00
CITATION.cff
add CITATION.cff file
2025-06-05 14:39:20 +02:00
LICENSE.GPL2
licensing: update address of FSF
2025-10-07 13:00:12 +01:00
LICENSE.LGPL2.1
licensing: update address of FSF
2025-10-07 13:00:12 +01:00
meson_options.txt
firewall-util: remove iptables backend
2025-09-19 15:33:15 +09:00
meson.build
meson: add target aliases 'man' and 'html'
2025-10-04 18:13:27 +02:00
meson.version
meson: bump version to 259~devel for next cycle
2025-09-17 13:06:07 +01:00
mypy.ini
Move mypy.ini and ruff.toml to top level
2024-11-24 16:47:20 +01:00
NEWS
NEWS: Document new uaccess udev rule priority requirement
2025-10-05 15:47:22 +02:00
README
Revert "Bump required minimum version of libfido2 to 1.5.0" and add missing def instead
2025-09-27 15:46:13 +02:00
README.md
README: update badges
2025-05-22 01:37:05 +09:00
ruff.toml
ruff: Default to python 3.7 version
2025-07-10 18:09:17 +02:00
TODO
update TODO
2025-09-26 10:03:12 +02:00

README.md

Systemd

System and Service Manager

OBS Packages Status
Semaphore CI 2.0 Build Status
Coverity Scan Status
OSS-Fuzz Status
CIFuzz
CII Best Practices
Fossies codespell report
Translation status
Coverage Status
Packaging status
OpenSSF Scorecard

Details

Most documentation is available on systemd's web site.

Assorted, older, general information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the Code Map for information about this repository's layout and content.

Please see the Hacking guide for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel

Stable branches with backported patches are available in the stable repo.

We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack

Repositories with distribution packages built from git main are available on OBS

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme Cite this repository 321 MiB
Languages
C 89%
Python 5.1%
Shell 4.5%
Meson 1.2%